User Story: Fix SQL injection in src/javascript/backend/database/queries.js

[aliAljaffer]

As a developer
I want to remove string interpolation from SQL queries in src/javascript/backend/database/queries.js and use parameterized queries
So that the application is not vulnerable to SQL injection attacks

Acceptance Criteria

• Replace constructs like const query = `SELECT * FROM users WHERE username = '${username}'`; with parameterized queries provided by the DB library (e.g., this.conn.query('SELECT * FROM users WHERE username = ?', [username])).

Details
Found usage of dynamic SQL building via template literals which permits injection. The file contains: SELECT * FROM users WHERE username = '${username}'.

[KrishiJi]

hey. i have proficiency in cybersecuirty. I want to contribute into this project. Can you assign this to me?

[aliAljaffer]

Have fun with it, @KrishiJi !