Remediation Steps
Follow the steps below to remediate this finding on Drupal.
Use Drupal's database abstraction layer for all queries:
$results = \Drupal::database()->select('users', 'u')
  ->fields('u')
  ->condition('uid', $uid, '=')
  ->execute()
  ->fetchAll();
For complex queries, use the query builder rather than raw SQL.
If raw SQL is necessary, use placeholders:
$results = \Drupal::database()->query('SELECT * FROM {users} WHERE uid = :uid', [':uid' => $uid]);
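The placeholder and query-builder guidance above, extended to three cases a single `:uid` binding does not cover: IN lists, LIKE patterns, and caller-chosen sort columns. This is an added example, not code from the original page. The function names, the `users_field_data` table with its `name` and `created` columns (Drupal 8 and later), and the injected `Connection` object are assumptions.

```php
<?php

use Drupal\Core\Database\Connection;

// IN (...) lists: use an array placeholder (":name[]") so each value is bound
// separately, rather than imploding the values into the SQL string.
function example_load_users(Connection $db, array $uids): array {
  if (!$uids) {
    return [];  // An empty IN () list is invalid SQL, so return early.
  }
  return $db->query(
    'SELECT * FROM {users} WHERE uid IN (:uids[])',
    [':uids[]' => $uids]
  )->fetchAll();
}

// LIKE patterns: binding the value prevents injection, but "%" and "_" in the
// input would still act as wildcards. escapeLike() makes them literal; the
// trailing "%" added here is the only wildcard left in the pattern.
function example_find_by_name_prefix(Connection $db, string $prefix): array {
  return $db->select('users_field_data', 'u')
    ->fields('u', ['uid', 'name'])
    ->condition('u.name', $db->escapeLike($prefix) . '%', 'LIKE')
    ->execute()
    ->fetchAll();
}

// Identifiers (column names, sort direction) cannot be bound as placeholders.
// Map the caller's input onto a fixed allow-list and never pass it through.
function example_list_sorted(Connection $db, string $sort, string $dir): array {
  $columns = ['uid' => 'u.uid', 'name' => 'u.name', 'created' => 'u.created'];
  $field = $columns[$sort] ?? 'u.uid';
  $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
  return $db->select('users_field_data', 'u')
    ->fields('u', ['uid', 'name'])
    ->orderBy($field, $direction)
    ->execute()
    ->fetchAll();
}
```

In a Drupal site, pass `\Drupal::database()` (or the injected `database` service) as `$db`.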