Fix: use prepared statements and whitelist table name to prevent SQL …

[abimelsbk]

…injection(CVE-2025-51092)- Resolves #6