To remove this security bug, rewrite the code as follows:
$this
Validating the Input Data:
Every input value submitted through the Magento store's pages must be validated before it is passed on for backend processing. This validation should be done with systematic validation functions that apply the appropriate logic for each field (expected type, length and permitted characters) rather than with ad hoc checks scattered through the code. Every developer working on the store should be required to write secure code that leaves as little room for vulnerabilities as possible.
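The following is an added example of the kind of systematic validation function described above. It is illustrative code written for this page, not code from the original article or from Magento itself. It is plain PHP that a Magento controller could call with the array returned by `$this->getRequest()->getParams()`; the field names and rules (`sku`, `qty`, `email` and their limits) are assumptions chosen for the demonstration, and the sample requests are constructed, not captured traffic.

```php
<?php
declare(strict_types=1);

/**
 * Allow-list validator for request parameters (illustrative example, not Magento code).
 * Every field the backend accepts is declared in $rules with its type and limits;
 * anything not declared is rejected outright, so the validation is the same for
 * every request instead of being re-implemented check by check.
 */
final class RequestValidator
{
    /** @var array<string, array> field name => rule (keys: type, required, min, max, pattern) */
    private array $rules;

    public function __construct(array $rules)
    {
        $this->rules = $rules;
    }

    /**
     * Returns only the declared fields, each converted to its declared type.
     * An unknown field, a missing required field or a value failing its rule
     * throws, so callers never see a half-validated array.
     */
    public function validate(array $input): array
    {
        $unknown = array_diff_key($input, $this->rules);
        if ($unknown !== []) {
            throw new InvalidArgumentException(
                'Unexpected parameter(s): ' . implode(', ', array_keys($unknown))
            );
        }

        $clean = [];
        foreach ($this->rules as $field => $rule) {
            if (!array_key_exists($field, $input)) {
                if (!empty($rule['required'])) {
                    throw new InvalidArgumentException("Missing required parameter: $field");
                }
                continue;
            }
            $clean[$field] = $this->validateField($field, $input[$field], $rule);
        }
        return $clean;
    }

    private function validateField(string $field, $value, array $rule)
    {
        // HTTP parameters may arrive as arrays (e.g. qty[123]); only scalar strings are accepted here.
        if (!is_string($value)) {
            throw new InvalidArgumentException("Parameter $field must be a single string value");
        }
        switch ($rule['type']) {
            case 'int':
                // filter_var with range options rejects non-numeric text and out-of-range values.
                $n = filter_var($value, FILTER_VALIDATE_INT, ['options' => [
                    'min_range' => $rule['min'] ?? PHP_INT_MIN,
                    'max_range' => $rule['max'] ?? PHP_INT_MAX,
                ]]);
                if ($n === false) {
                    throw new InvalidArgumentException("Parameter $field must be an integer in the allowed range");
                }
                return $n;
            case 'email':
                $email = filter_var($value, FILTER_VALIDATE_EMAIL);
                if ($email === false) {
                    throw new InvalidArgumentException("Parameter $field is not a valid e-mail address");
                }
                return $email;
            case 'pattern':
                // Length cap first, then an anchored allow-list regex: only listed characters pass.
                if (strlen($value) > ($rule['max'] ?? 255) || preg_match($rule['pattern'], $value) !== 1) {
                    throw new InvalidArgumentException("Parameter $field contains disallowed characters");
                }
                return $value;
        }
        throw new LogicException("Unknown rule type for field $field");
    }
}

// Assumed field rules for an add-to-cart style request.
$validator = new RequestValidator([
    'sku'   => ['type' => 'pattern', 'pattern' => '/^[A-Za-z0-9_-]{1,64}$/', 'required' => true],
    'qty'   => ['type' => 'int', 'min' => 1, 'max' => 999, 'required' => true],
    'email' => ['type' => 'email'],
]);

// Constructed sample requests (not real traffic).
$good = ['sku' => 'WS12-XS-Blue', 'qty' => '2', 'email' => 'shopper@example.com'];
var_dump($validator->validate($good)); // qty is returned as int(2), the rest unchanged

$bad = ['sku' => '<script>alert(1)</script>', 'qty' => '2'];
try {
    $validator->validate($bad);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allow-list approach matters more than the individual checks: a blocklist that strips `<script>` can be bypassed with encodings or alternative tags, whereas a field that only admits `[A-Za-z0-9_-]` cannot carry a script fragment at all. Validation on input does not replace escaping on output (for example with `htmlspecialchars` when a stored value is rendered), but it keeps hostile values from ever reaching the database in the first place.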
https://www.doffitt.com/buckle-save-magento-website-card-skimming