We are detecting false positives in SQL injections where the parameter is an integer (for example #150). We should improve the regular expression so that it specifically finds a paramString as a parameter, shouldn't be too difficult.