fix: update SQL queries to use parameterized table names for security

Co-authored-by: Copilot <copilot@github.com>

backend/routes/default/frontend.data.js

@@ -40,7 +40,7 @@ export const confirmUser = async (username) => {
     console.log(tableName);
 
     const [createTable] = await pool.query(
-      `CREATE TABLE IF NOT EXISTS ? (
+      `CREATE TABLE IF NOT EXISTS ?? (
         id INT AUTO_INCREMENT PRIMARY KEY,
         Vorname VARCHAR(100) NOT NULL,
         Nachname Varchar(100) NOT NULL,
@@ -64,7 +64,7 @@ export const confirmUser = async (username) => {
       let nextID;
       const getNextID = async () => {
         const [rows] = await pool.query(
-          `SELECT id FROM ? ORDER BY id DESC LIMIT 1`,
+          `SELECT id FROM ?? ORDER BY id DESC LIMIT 1`,
           [tableName],
         );
         nextID = rows.length > 0 ? rows[0].id + 1 : 1;
@@ -89,7 +89,7 @@ export const newEntry = async (formData, username) => {
   const tableName = confirmation.tableName;
 
   const [result] = await pool.query(
-    `INSERT INTO ? (Vorname, Nachname, EMail, Telefonnummer, Lose, Firmenname, Vorname_Geschaeftlich, Nachname_Geschaeftlich, EMail_Geschaeftlich, Telefonnummer_Geschaeftlich, Strasse_Hausnr, Plz_Ort, Zahlungsmethode) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+    `INSERT INTO ?? (Vorname, Nachname, EMail, Telefonnummer, Lose, Firmenname, Vorname_Geschaeftlich, Nachname_Geschaeftlich, EMail_Geschaeftlich, Telefonnummer_Geschaeftlich, Strasse_Hausnr, Plz_Ort, Zahlungsmethode) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
     [
       tableName,
       formData.firstName,

backend/scheme.sql

@@ -6,6 +6,7 @@ CREATE TABLE users (
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
+/* This scheme does not have to be implemented manually. It always will be generated by the backend */
 CREATE TABLE xx_DD_MM_YYYY (
     id INT AUTO_INCREMENT PRIMARY KEY,
     Vorname VARCHAR(100) NOT NULL,