Several endpoints use raw string concatenation to build SQL queries, creating a critical SQL injection risk.
Acceptance Criteria:
- Identify all endpoints that use INSERT or UPDATE with string concatenation.
- Refactor them to use mysqli_prepare, �ind_param, and execute.
- At least �ddclient.php and �ddpolicy.php must be fixed.
Several endpoints use raw string concatenation to build SQL queries, creating a critical SQL injection risk.
Acceptance Criteria: