Open
Description
This issue is to collect the similar ones reported about ORMLite not properly escaping parameters in the produced SQL. This may lead to the well-known SQL injection vulnerability[1], which is quite serious. I have found the following issues related to this:
- EXTERNAL DATA IN SQL QUERIES [SAST] [M7] [CWE-89] #146
- Exception when create object with string including single quote #137
- security issue -SQL Injection #81 (this should be reopened as it does not apply to table names only)
- log4j #138 - see this comment
@j256, it would be great to have your comment, even if you do not have time to fix it; maybe somebody will be happy to contribute the fix.
Many thanks in advance.