Webservice: use SQLite parameter substitution instead of string formatting
Description
Constructing SQL queries with string formatting can lead to them going spectacularly wrong on malformed inputs. This is usually highlighted as a security vulnerability, but it can also cause problems just by accident if unexpected values appear. Using proper parameters is really just an elementary piece of using a database.
How Has This Been Tested?
I've run this on max-exfl017 and requested recalibration of some CALLAB jobs (following instructions from @danilevc :-). It seems to be running OK - Slurm jobs are being launched and the logs don't show errors. I don't know if there's anything more specific I should check.
Types of changes
- Bug fix (non-breaking change which fixes an issue)
Checklist:
- My code follows the code style of this project.
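
An added example, not code from this merge request or the project, contrasting the two approaches named in the description using Python's `sqlite3` module. The `jobs` table, its columns, the function names and the sample values are hypothetical and constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE jobs (job_id INTEGER PRIMARY KEY, detector TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO jobs (detector, status) VALUES (?, ?)",
        [("DET_A", "RUNNING"), ("DET_B", "DONE"), ("operator's test", "DONE")],
    )
    return conn


def jobs_formatted(conn, detector):
    # Before: the value is pasted into the SQL text, so SQLite parses it as SQL.
    query = "SELECT job_id FROM jobs WHERE detector = '{}'".format(detector)
    return [row[0] for row in conn.execute(query)]


def jobs_parameterized(conn, detector):
    # After: the ? placeholder binds the value as data; it is never parsed as SQL.
    query = "SELECT job_id FROM jobs WHERE detector = ?"
    return [row[0] for row in conn.execute(query, (detector,))]


def compare(conn, detector):
    # Return (formatted result or exception name, parameterized result).
    try:
        formatted = jobs_formatted(conn, detector)
    except sqlite3.Error as exc:
        formatted = type(exc).__name__
    return formatted, jobs_parameterized(conn, detector)


if __name__ == "__main__":
    conn = make_db()
    # A plain value, a value with an apostrophe, and a value that changes the
    # meaning of the formatted query.
    for value in ["DET_A", "operator's test", "x' OR status = 'DONE"]:
        print(repr(value), compare(conn, value))
```

With string formatting, the apostrophe in the second value makes the statement fail to parse, and the third value silently widens the `WHERE` clause; the parameterized query treats both as ordinary strings to match.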