diff --git a/changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml b/changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml
new file mode 100644
index 00000000000..5ec1150daa2
--- /dev/null
+++ b/changelogs/fragments/65164-postgres_use_query_params_with_cursor.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- postgres - use query params with cursor.execute in module_utils.postgres.PgMembership class (https://github.com/ansible/ansible/pull/65164).
diff --git a/lib/ansible/module_utils/postgres.py b/lib/ansible/module_utils/postgres.py
index 81808a16a1a..63811c30559 100644
--- a/lib/ansible/module_utils/postgres.py
+++ b/lib/ansible/module_utils/postgres.py
@@ -276,9 +276,9 @@ class PgMembership(object):
                  "JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid) "
                  "WHERE m.member = r.oid) "
                  "FROM pg_catalog.pg_roles r "
-                 "WHERE r.rolname = '%s'" % dst_role)
+                 "WHERE r.rolname = %(dst_role)s")
 
-        res = exec_sql(self, query, add_to_executed=False)
+        res = exec_sql(self, query, query_params={'dst_role': dst_role}, add_to_executed=False)
         membership = []
         if res:
             membership = res[0][0]