Address SQL injection vulnerability in SQL ORM layer