diff --git a/src/tests/securityTests/sqlInjectionTest.js b/src/tests/securityTests/sqlInjectionTest.js
new file mode 100644
index 000000000..43527bc1b
--- /dev/null
+++ b/src/tests/securityTests/sqlInjectionTest.js
@@ -0,0 +1,15 @@
+// tests/securityTests/sqlInjectionTest.js
+
+const axios = require('axios');
+
+async function testSqlInjection() {
+ const maliciousInput = "' OR '1'='1"; // Example of SQL injection payload
+ try {
+ const response = await axios.get(`http://localhost:3000/api/users?username=${maliciousInput}`);
+ console.log('SQL Injection Test Response:', response.data);
+ } catch (error) {
+ console.error('SQL Injection Test Failed:', error.message);
+ }
+}
+
+testSqlInjection();
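Review bot: `testSqlInjection` can never fail, because it only logs whatever the endpoint returns and its `catch` only prints the error, so a vulnerable `/api/users` that returns every row still exits 0. axios rejects on non-2xx responses by default, so a correct 4xx rejection of the input would be printed as "SQL Injection Test Failed", which inverts the meaning of the result. The payload is also interpolated into the URL unencoded; passing it through `params` makes sure the server receives the exact string, and dropping the `console.log` of `response.data` keeps any returned user records out of CI logs. The safe response contract for this endpoint is not visible in the diff, so the check below assumes an array body and should be adjusted to the real shape; a 5xx on this input may also deserve a failure, since it can indicate the quote reached the query unparameterized.

```javascript
async function testSqlInjection() {
  const maliciousInput = "' OR '1'='1"; // Example of SQL injection payload
  // Accept any status so a 4xx rejection is inspected instead of thrown.
  const response = await axios.get('http://localhost:3000/api/users', {
    params: { username: maliciousInput },
    validateStatus: () => true,
  });
  // Assumed contract: a safe endpoint returns no rows for this username.
  const returnedRows = Array.isArray(response.data) && response.data.length > 0;
  if (response.status === 200 && returnedRows) {
    throw new Error('SQL injection probe returned user rows');
  }
}

testSqlInjection().catch((error) => {
  console.error('SQL Injection Test Failed:', error.message);
  process.exitCode = 1; // make the failure visible to CI
});
```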