Django - Security Best Practices
Consider this Django view snippet:
from django.contrib.auth.models import User
from django.http import HttpResponse

def my_view(request):
    username = request.GET.get('username')
    user = User.objects.raw(f"SELECT * FROM auth_user WHERE username = '{username}'")
    return HttpResponse('User found')
What is the main security risk here?