
Fix code scanning alert – Database query built from user-controlled sources

Open avelino opened this issue 1 year ago • 0 comments

Tool: CodeQL
Rule ID: go/sql-injection
Query: View source

If a database query (such as an SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run commands that exfiltrate, tamper with, or destroy data stored in the database.

Tracking issue for: https://github.com/prest/prest/security/code-scanning/5

avelino, May 06 '23 16:05
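The pattern that the `go/sql-injection` rule reports, next to a hardened form, as an added example: this is not prest's code and not the code flagged in the alert. The function names, the identifier allowlist pattern, the PostgreSQL-style `$1` placeholder and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// identRe is an assumed allowlist for table names: placeholders cannot
// stand in for identifiers, so identifiers have to be validated instead.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// unsafeQuery shows the flagged pattern: user-controlled values are
// concatenated into the SQL text, so the input can change the statement.
func unsafeQuery(table, name string) string {
	return fmt.Sprintf("SELECT * FROM %s WHERE name = '%s'", table, name)
}

// safeQuery validates the identifier against the allowlist and returns the
// value as a bind argument, to be passed to db.Query(query, args...).
// The SQL text never contains the user-supplied value.
func safeQuery(table, name string) (string, []interface{}, error) {
	if !identRe.MatchString(table) {
		return "", nil, fmt.Errorf("invalid table name %q", table)
	}
	query := fmt.Sprintf("SELECT * FROM %s WHERE name = $1", table)
	return query, []interface{}{name}, nil
}

func main() {
	input := "x' OR '1'='1" // constructed request parameter

	// The quote in the input closes the literal and adds a condition.
	fmt.Println("unsafe:", unsafeQuery("users", input))

	// The same input stays data: it travels as an argument, not as SQL.
	q, args, err := safeQuery("users", input)
	fmt.Println("safe:  ", q, args, err)

	// A table name that is not a plain identifier is rejected outright.
	_, _, err = safeQuery("users; DROP TABLE users", "x")
	fmt.Println("reject:", err)
}
```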