SQL injection audit with parameterized query fixes
Prompt
Act as a senior application security engineer. Audit the source file below for SQL injection vulnerabilities and produce a drop-in fixed version using parameterized queries.
Source file: [source_file]
Target database driver: [db_driver]
Requirements for the audit:
- For every sink, emit a finding with: line number, vulnerable snippet, severity (critical/high/medium), and a one-line rationale
- Rewrite each vulnerable query to use the driver's parameter style (`%s`, `?`, `$1`, or named)
- Preserve original logic — do not change table, column, or filter semantics
- Use a connection context manager and close cursors cleanly
- Validate any identifier (table / column) that cannot be parameterized against an allowlist
- Add a short comment above each fix explaining what changed
Output format:
- Two sections separated by `# --- FIXED SOURCE ---`
- Top section: findings table in plain text
- Bottom section: full rewritten Python file, complete and runnable
- No prose outside those sections
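To make the requirements above concrete, here is an added example (not part of the shared prompt or any submitted source file) showing the shape of output the prompt asks for: a vulnerable sink kept as the "before", the same query rewritten with the driver's placeholder, an ORDER BY column that cannot be bound and so is checked against an allowlist, and cursors closed via a context manager. It assumes Python's stdlib `sqlite3` driver (`?` placeholder style, double-quoted identifiers) and uses a constructed in-memory `users` table; the function names and the `SORTABLE_COLUMNS` allowlist are illustrative choices for this example.

```python
"""Vulnerable vs. parameterized sqlite3 queries, plus identifier allowlisting.

Added example: assumes the sqlite3 driver ('?' placeholders). Sample rows are
constructed for the demo and are not real data.
"""
import sqlite3
from contextlib import closing

# Constructed sample data for the demo.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "admin"),
    (2, "bob", "bob@example.com", "user"),
    (3, "carol", "carol@example.com", "user"),
]

# Identifiers cannot be bound as parameters, so any column that a caller may
# choose for ORDER BY is checked against this fixed allowlist instead.
SORTABLE_COLUMNS = frozenset({"id", "username", "email", "role"})


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    with conn:  # sqlite3 connection context: commit on success, rollback on error
        conn.execute(
            "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
            "email TEXT, role TEXT)"
        )
        conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, username):
    """BEFORE (critical): untrusted input is spliced into the statement text."""
    sql = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    with closing(conn.cursor()) as cur:
        cur.execute(sql)
        return cur.fetchall()


def find_user_fixed(conn, username):
    """AFTER: identical table, columns and filter; the value is bound via '?'."""
    # Fix: username is passed as a bound parameter, never concatenated into SQL.
    sql = "SELECT id, username, role FROM users WHERE username = ?"
    with closing(conn.cursor()) as cur:
        cur.execute(sql, (username,))
        return cur.fetchall()


def list_users_sorted(conn, order_by):
    """ORDER BY takes an identifier, which drivers cannot parameterize."""
    # Fix: reject anything not in the allowlist before it reaches the query.
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"disallowed sort column: {order_by!r}")
    # Interpolation is now safe: order_by is one of a fixed set of known names.
    sql = f'SELECT id, username, role FROM users ORDER BY "{order_by}"'
    with closing(conn.cursor()) as cur:
        cur.execute(sql)
        return cur.fetchall()


def demo():
    """Run the classic tautology payload through both versions of the query."""
    payload = "x' OR '1'='1"
    with closing(make_db()) as conn:
        leaked = find_user_vulnerable(conn, payload)   # tautology matches every row
        safe = find_user_fixed(conn, payload)          # literal match, no rows
        sorted_rows = list_users_sorted(conn, "username")
    return len(leaked), len(safe), [row[1] for row in sorted_rows]


if __name__ == "__main__":
    print(demo())
```

Running the module returns `(3, 0, ['alice', 'bob', 'carol'])`: the concatenated query hands back every user for the payload, the bound version treats the same string as an ordinary value and matches nothing, and the sort column is accepted only because it is on the allowlist. For a `%s` driver (psycopg, MySQL connectors) or a `$1` driver (asyncpg) only the placeholder token changes; the allowlist approach for identifiers stays the same.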