Refactored to use parameterized SQL APIs (#1545)

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>

src/main/java/stirling/software/SPDF/config/security/database/DatabaseBackupHelper.java

@@ -8,6 +8,7 @@ import java.nio.file.Paths;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
@@ -131,11 +132,12 @@ public class DatabaseBackupHelper implements DatabaseBackupInterface {
         DateTimeFormatter myFormatObj = DateTimeFormatter.ofPattern("yyyyMMddHHmm");
         Path insertOutputFilePath =
                 this.getBackupFilePath("backup_" + dateNow.format(myFormatObj) + ".sql");
-        String query = "SCRIPT SIMPLE COLUMNS DROP to '" + insertOutputFilePath.toString() + "';";
+        String query = "SCRIPT SIMPLE COLUMNS DROP to ?;";
 
         try (Connection conn = DriverManager.getConnection(url, "sa", "");
-                Statement stmt = conn.createStatement()) {
+                PreparedStatement stmt = conn.prepareStatement(query)) {
-            stmt.execute(query);
+            stmt.setString(1, insertOutputFilePath.toString());
+            stmt.execute();
             log.info("Database export completed: {}", insertOutputFilePath);
         } catch (SQLException e) {
             log.error("Error during database export: {}", e.getMessage(), e);