se2024-jpg / WolfTrack6.0

A personal job-tracker application
MIT License

Fix code scanning alert no. 12: SQL query built from user-controlled sources #19

Closed joeljogy closed 3 weeks ago

joeljogy commented 3 weeks ago

Fixes https://github.com/se2024-jpg/WolfTrack6.0/security/code-scanning/12

To fix the SQL injection vulnerability, we should use parameterized queries instead of directly concatenating user input into the SQL query string. Parameterized queries ensure that user input is treated as data and not executable code, thus preventing SQL injection attacks.

Steps to fix:

  1. Modify the find_user function in dbutils.py to use parameterized queries.
  2. Replace the direct concatenation of the data parameter with a placeholder (?) and pass the data parameter as an argument to the execute method.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
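The before-and-after shapes of find_user that the steps above describe, as an added example (not code from the WolfTrack6.0 repository or from this PR): both versions are run against a constructed in-memory SQLite table, and the users table schema, column names and sample rows are assumptions.

```python
import sqlite3

# Constructed sample data; not from the WolfTrack6.0 repository.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """In-memory SQLite database with an assumed `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, data):
    """Before the fix: user-controlled `data` is concatenated into the SQL
    text, so quote characters in it change the structure of the query."""
    query = "SELECT username, email FROM users WHERE username = '" + data + "'"
    return conn.execute(query).fetchall()


def find_user(conn, data):
    """After the fix: a `?` placeholder, with `data` passed to execute()
    separately, so the driver binds it as a value and never parses it as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (data,)).fetchall()


def compare(data):
    """Run both versions on the same input and return (vulnerable, fixed).
    If the concatenated query no longer parses, report the error string."""
    conn = make_db()
    try:
        before = find_user_vulnerable(conn, data)
    except sqlite3.Error as exc:
        before = f"error: {exc}"
    after = find_user(conn, data)
    conn.close()
    return before, after


if __name__ == "__main__":
    # A plain name, a name containing a quote, and input containing SQL syntax.
    for probe in ["alice", "o'brien", "' OR 1=1 --"]:
        before, after = compare(probe)
        print(f"{probe!r:16} vulnerable={before!r}  fixed={after!r}")
```

The parameterized version returns the same row for a legitimate username, returns no rows for the other two inputs because they are matched literally, while the concatenated version either fails to parse or returns every user.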

codecov[bot] commented 3 weeks ago

Codecov Report

All modified and coverable lines are covered by tests.