*)update XQueryInjection.qhelp

Author: haby0

java/ql/src/Security/CWE/CWE-652/XQueryInjection.qhelp

@@ -9,20 +9,19 @@ This allows an attacker to control the structure of the query.</p>
 </overview>
 <recommendation>
 
-<p>Use parameterized queries. This will help ensure separation between data plane and control plane.</p>
+<p>Use parameterized queries. This will help ensure the program retains control of the query structure.</p>
 
 </recommendation>
 <example>
 
-<p>This example is a comparison of unused parameterized query and using parameterized query. 
-Parameterized query through <code>bindString</code>.</p>
+<p>The following example compares building a query by string concatenation (bad) vs. using  <code>bindString</code> to parameterize the query (good).</p>
 
 <sample src="XQueryInjection.java" />
 
 </example>
 <references>
 
-<li>cwe description: 
+<li>CWE description: 
 <a href="https://cwe.mitre.org/data/definitions/652.html">XQuery Injection</a>.</li>