diff --git a/changelogs/fragments/64661-postgres_py_add_query_params_arg.yml b/changelogs/fragments/64661-postgres_py_add_query_params_arg.yml new file mode 100644 index 00000000000..28e43bd87b1 --- /dev/null +++ b/changelogs/fragments/64661-postgres_py_add_query_params_arg.yml @@ -0,0 +1,3 @@ +bugfixes: +- postgres.py - add a new keyword argument ``query_params`` (https://github.com/ansible/ansible/pull/64661). +- postgresql_idx.py - use the ``query_params`` arg of exec_sql function (https://github.com/ansible/ansible/pull/64661). diff --git a/lib/ansible/module_utils/postgres.py b/lib/ansible/module_utils/postgres.py index ab982135b4d..5aedeaa56b1 100644 --- a/lib/ansible/module_utils/postgres.py +++ b/lib/ansible/module_utils/postgres.py @@ -121,7 +121,7 @@ def connect_to_db(module, conn_params, autocommit=False, fail_on_conn=True): return db_connection -def exec_sql(obj, query, ddl=False, add_to_executed=True): +def exec_sql(obj, query, query_params=None, ddl=False, add_to_executed=True, dont_exec=False): """Execute SQL. Auxiliary function for PostgreSQL user classes. 
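Review bot: In the new `exec_sql` signature, `query_params` is inserted as the third positional parameter ahead of `ddl`, so an existing call such as `exec_sql(self, query, True)` would now bind `True` to `query_params` instead of `ddl`. The callers are outside this hunk, so whether any of them pass `ddl` positionally cannot be confirmed from here. Appending the new parameters keeps every old call working: `def exec_sql(obj, query, ddl=False, add_to_executed=True, query_params=None, dont_exec=False):`. The function body continues beyond this hunk.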
@@ -129,21 +129,43 @@ def exec_sql(obj, query, ddl=False, add_to_executed=True): Returns a query result if possible or True/False if ddl=True arg was passed. It necessary for statements that don't return any result (like DDL queries). - Arguments: + Args: obj (obj) -- must be an object of a user class. The object must have module (AnsibleModule class object) and cursor (psycopg cursor object) attributes query (str) -- SQL query to execute + + Kwargs: + query_params (dict or tuple) -- Query parameters to prevent SQL injections, + could be a dict or tuple ddl (bool) -- must return True or False instead of rows (typical for DDL queries) (default False) add_to_executed (bool) -- append the query to obj.executed_queries attribute + dont_exec (bool) -- used with add_to_executed=True to generate a query, add it + to obj.executed_queries list and return True (default False) """ - try: - obj.cursor.execute(query) + if dont_exec: + # This is usually needed to return queries in check_mode + # without execution + query = obj.cursor.mogrify(query, query_params) if add_to_executed: obj.executed_queries.append(query) + return True + + try: + if query_params is not None: + obj.cursor.execute(query, query_params) + else: + obj.cursor.execute(query) + + if add_to_executed: + if query_params is not None: + obj.executed_queries.append(obj.cursor.mogrify(query, query_params)) + else: + obj.executed_queries.append(query) + if not ddl: res = obj.cursor.fetchall() return res diff --git a/lib/ansible/modules/database/postgresql/postgresql_idx.py b/lib/ansible/modules/database/postgresql/postgresql_idx.py index e4b9c5390ff..fc5155374f6 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_idx.py +++ b/lib/ansible/modules/database/postgresql/postgresql_idx.py 
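Review bot: Both `obj.executed_queries.append(...)` paths that go through `obj.cursor.mogrify(query, query_params)` record the statement with the bound values already interpolated, so any sensitive value passed in `query_params` ends up in `obj.executed_queries`, which is presumably returned in the module result. The `query_params` entry in the docstring should say so, e.g. `Values are rendered into obj.executed_queries; do not pass secrets this way unless the caller masks them.` psycopg2's `mogrify` also returns bytes on Python 3, so the list will mix bytes and str entries unless the result is decoded before it is appended. In the `dont_exec` branch the `mogrify` call sits before the `try`, whose handler is outside this hunk, so a placeholder mismatch there is presumably not reported the same way as in the execute path.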
@@ -325,9 +325,9 @@ class Index(object): "ON i.indexname = c.relname " "JOIN pg_catalog.pg_index AS pi " "ON c.oid = pi.indexrelid " - "WHERE i.indexname = '%s'" % self.name) + "WHERE i.indexname = %(name)s") - res = exec_sql(self, query, add_to_executed=False) + res = exec_sql(self, query, query_params={'name': self.name}, add_to_executed=False) if res: self.exists = True self.info = dict(
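Review bot: Once `query_params` is passed, psycopg treats every `%` in the query text as a placeholder marker, so any literal percent sign in this string would have to be written `%%`. The lines visible here contain none, but the string literal starts above the hunk, so the earlier part should be checked. A short comment above the assignment would keep later edits safe: `# executed with query_params: write any literal percent sign as %%`.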