When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!
Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.
Example of VULNERABLE query:
To fix this, use ?sql hash variable escape:
JDBC Form Binder allows you to use custom SQL statements to retrieve and load records into your form fields. Similarly, you can write SQL statements to save the records in your form field into a database table.