nhuthuy2306/query-guard — reverse-engineered prompt

Build me a Python project called Query Guard that acts like a middle layer firewall in front of a MySQL database split into three regions, north, south, and central.

I want it to accept SQL queries through a simple local API, check whether the query looks like SQL injection, block dangerous patterns like always true conditions, union attacks, stacked queries, and system functions, then only send safe queries to the correct regional database. It should also make sure someone querying one region can’t access data from another region.

Please include sample MySQL setup scripts for the three databases, a Flask middleware server, and a small client benchmark that sends a mix of normal queries, region violation queries, and SQL injection attempts. The benchmark should print whether each query was allowed or blocked, plus basic stats like false positives, false negatives, and average response time.

Make it easy to run locally with an env file for MySQL credentials. If a database node is down, the API should return a safe error instead of crashing or leaking connection details.