Change the Python and SQL process to discourage SQL injection
jdcc opened this issue · 0 comments
jdcc commented
The training in `sources/curriculum/software/python_sql.md` doesn't say anything about potential SQL injection issues, and is training folks to write potentially unsafe code. There should at least be a mention of SQL injection attacks, or the training should be rewritten to use bound parameters.
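An added example, not part of the issue above and not code from the curriculum, of the difference the issue refers to: a query built by string formatting beside the same query with bound parameters. It assumes Python's standard `sqlite3` module; the `students` table, its rows and all function names are hypothetical and constructed for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and columns are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, cohort TEXT)")
    conn.executemany(
        "INSERT INTO students (name, cohort) VALUES (?, ?)",
        [("Ada", "2023"), ("Grace", "2023"), ("Linus", "2022")],
    )
    return conn

def find_unsafe(conn, name):
    # String formatting splices the input into the SQL text, so the
    # input can change the structure of the statement.
    query = "SELECT name FROM students WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]

def find_bound(conn, name):
    # The ? placeholder passes the value separately from the SQL text;
    # the driver treats it as data only.
    query = "SELECT name FROM students WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]

SORTABLE = {"name", "cohort"}

def list_sorted(conn, column):
    # Placeholders bind values, not identifiers, so a column name that
    # comes from input is checked against an allowlist instead.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % column)
    query = "SELECT name FROM students ORDER BY %s, id" % column
    return [row[0] for row in conn.execute(query)]

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("formatted:", find_unsafe(conn, crafted))  # matches every row
    print("bound:    ", find_bound(conn, crafted))   # matches nothing
    print("bound:    ", find_bound(conn, "Ada"))
    print("sorted:   ", list_sorted(conn, "cohort"))
```

Training material that needs dynamic identifiers, such as a sort column, still needs the allowlist step, because bound parameters only cover values.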