onaio / steps-app

WHO STEPS App
Apache License 2.0

App uses SQLite database and executes raw SQL query #208

Closed owais-vd closed 2 years ago

owais-vd commented 2 years ago

close #199

ekigamba commented 2 years ago
  1. Yes, you are correct that it only concatenates.
  2. Owais and I tried this, but it's not possible with the currently provided methods in the SDK. You can only bind params such as table fields and search params. I have also tried other variations.
  3. The table name is a constant and not a user input, and therefore the warning on the issue is not relevant for this specific query (or queries).
  4. :man_facepalming: I might have misunderstood your comment, in that you understood our justification but concatenation using % might silence the tool. That's the reason I approved it even though it still doesn't sanitize the table name constant.
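An added illustration of the two points made in the thread (example code, not from the steps-app project): SQLite binds values, not identifiers, so the table name cannot be a bound parameter and must stay a constant, while search values should always be bound. The table, column and allowlist names below are constructed.

```python
import sqlite3

# Constant table names, as in the app: identifiers cannot be bound, so the
# only defence is that they never come from user input. (Constructed sample.)
ALLOWED_TABLES = frozenset({"participants", "measurements"})


def open_sample_db():
    """Constructed in-memory database standing in for the app's SQLite store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE participants (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO participants (name) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn


def identifier_binding_fails(conn):
    """Shows why the SDK can't bind the table name: SQLite only binds values,
    so a '?' in identifier position is a syntax error at prepare time."""
    try:
        conn.execute("SELECT * FROM ? WHERE name = ?", ("participants", "alice"))
    except sqlite3.OperationalError:
        return True
    return False


def find_by_name(conn, table, name):
    """Safe pattern: the table name is checked against the constant allowlist
    and spliced in as a quoted identifier; the search value is always bound."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unexpected table name: {table!r}")
    sql = f'SELECT id, name FROM "{table}" WHERE name = ?'
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = open_sample_db()
    print("identifier binding raises:", identifier_binding_fails(db))
    print(find_by_name(db, "participants", "alice"))
    # A hostile-looking search value is just data once it is bound.
    print(find_by_name(db, "participants", "x' OR '1'='1"))
```

The allowlist check is what turns "the table name is a constant" from a code-review argument into something the code itself enforces, which is also what quiets a scanner that only sees the concatenation.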