fix: Refactor SQL query in fixCleanTitle method to use prepared statements for improved security

https://github.com/WWBN/AVideo/security/advisories/GHSA-584p-rpvq-35vf#event-592857

Author: Daniel Neto

objects/category.php

@@ -226,12 +226,14 @@ public static function fixCleanTitle($clean_title, $count, $id, $original_title
             $original_title = $clean_title;
         }
 
-        $sql = "SELECT * FROM categories WHERE clean_name = '{$clean_title}' ";
+        $id = intval($id);
         if (!empty($id)) {
-            $sql .= " AND id != {$id} ";
+            $sql = "SELECT * FROM categories WHERE clean_name = ? AND id != ? LIMIT 1";
+            $res = sqlDAL::readSql($sql, "si", [$clean_title, $id], true);
+        } else {
+            $sql = "SELECT * FROM categories WHERE clean_name = ? LIMIT 1";
+            $res = sqlDAL::readSql($sql, "s", [$clean_title], true);
         }
-        $sql .= " LIMIT 1";
-        $res = sqlDAL::readSql($sql, "", [], true);
         $cleanTitleExists = sqlDAL::fetchAssoc($res);
         sqlDAL::close($res);
         if (!empty($cleanTitleExists)) {