crystal-lang · straight-shoota · Dec 2, 2022 · Oct 20, 2022 · Oct 20, 2022 · Oct 21, 2022
diff --git a/docs/database/README.md b/docs/database/README.md
@@ -61,6 +61,8 @@ ensure
 end
 ```
 
+Alternatively, you can use `DB.connect` method to open a single connection to the database instead of a pool.
+
 ## Exec
 
 To execute sql statements you can use `Database#exec`
@@ -109,6 +111,26 @@ db.query("select name from contacts where age = ?", 33) do |rs|
 end
 ```
 
+Query parameters are effected under the covers with prepared statements (sometimes cached),
+or insertion on the client side, depending on the driver, but will always avoid SQL Injection.
+
+If you want to manually use prepared statements, you can with the `build` method:
+
+```crystal
+# MySQL
+mysql_prepared_statement = mysql_db.build("select * from contacts where id=?")
+# Postgres
+postgres_prepared_statement = postgres_db.build("select * from contacts where id=$1")
+# Use prepared statement:
+prepared_statement.query(3) do |rs|
+  # ... use rs
+end
+prepared_statement.query(4) do |rs|
+  # ... use rs
+end
+prepared_statement.close
+```
+
 ## Reading Query Results
 
 When reading values from the database there is no type information during compile time that crystal can use. You will need to call `rs.read(T)` with the type `T` you expect to get from the database.