Prevent Flux Injection

In my Java application, I have flux queries that use parameters provided by the user.

How do I prevent Flux Injection when using the Java client API?
Is using DSL enough? Reading this, it seems like it’s not.

What if I have queries that include SQL data sources and I have parameters in the SQL part?