diff --git a/How to Issue an Insert to Put Data Into a Database/Program.vb b/How to Issue an Insert to Put Data Into a Database/Program.vb
index c1aaba6..b5a86ed 100644
--- a/How to Issue an Insert to Put Data Into a Database/Program.vb
+++ b/How to Issue an Insert to Put Data Into a Database/Program.vb
@@ -13,6 +13,10 @@ Module Program
 Dim connectionString As String = $"Data Source={DatabaseFileName};Version=3;"
 ' Set up parameterized SQL query
+ ' -----------------------------------------------------------------------------
+ ' Security Note: Never concatenate (or join) a string into a SQL statement.
+ ' Always use parameterized queries to prevent SQL Injection attacks.
+ ' -----------------------------------------------------------------------------
 Dim query As String = "INSERT INTO Users (Name, Country) VALUES (@Name, @Country)"
 Using conn As New SQLiteConnection(connectionString)
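Review bot: The new four-line banner is inserted between the existing `' Set up parameterized SQL query` comment and the `Dim query` line it describes, which leaves the short comment orphaned from its statement; folding the security note into one comment block directly above `Dim query` reads better. The note would also be more useful if it stated the limit of the advice, since parameters protect only the values bound to `@Name` and `@Country`, e.g. `' Parameters protect only values; table and column names cannot be parameterized and must stay hard-coded.` The `Using conn` block and the binding of `@Name`/`@Country` continue outside the hunk, so whether every user-supplied value is actually passed as a parameter cannot be confirmed from this diff.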