This code is from https://insight.symfony.com/projects/c0384218-7393-45e4-83f8-c95491232740/analyses/22
Your project database queries must use safety features such as bindings 24
in app/Models/CategoryDAO.php, line 315
}
/** @return array<FreshRSS_Category> */
public function listCategoriesOrderUpdate(int $defaultCacheDuration = 86400, int $limit = 0): array {
	$sql = 'SELECT * FROM `_category` WHERE kind = :kind AND `lastUpdate` < :lu ORDER BY `lastUpdate`'
		. ($limit < 1 ? '' : ' LIMIT ' . $limit);
If provided by the user, the value of $limit may allow an SQL injection attack. Avoid concatenating parameters to SQL query strings, and use parameter binding instead.
The project could be improved in the same way in its other queries.
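The following is an added example, not FreshRSS code and not part of the Insight report, that puts the flagged concatenation beside the bound form the finding recommends. It runs against an in-memory SQLite table (constructed here with the same columns the query touches) through PDO; the table contents, the function names and the `listByBinding` / `listByConcatenation` split are assumptions of this example. One caveat worth noting: because the flagged signature declares `int $limit`, PHP only ever concatenates an integer (a non-integer argument raises a TypeError under strict types), so the real exposure is in whatever caller converts request input to that integer; the bound form removes the question entirely.

```php
<?php
declare(strict_types=1);

// Constructed fixture: an in-memory SQLite table mirroring the columns the query uses.
function buildFixture(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE `_category` (id INTEGER PRIMARY KEY, name TEXT, kind INTEGER, lastUpdate INTEGER)');
    $ins = $pdo->prepare('INSERT INTO `_category` (name, kind, lastUpdate) VALUES (:name, :kind, :lu)');
    foreach ([['a', 0, 100], ['b', 0, 200], ['c', 1, 50], ['d', 0, 300]] as [$name, $kind, $lu]) {
        $ins->execute([':name' => $name, ':kind' => $kind, ':lu' => $lu]);
    }
    return $pdo;
}

// Flagged pattern: the LIMIT value is spliced into the SQL text.
// Only the int type declaration stands between request input and the query string.
function listByConcatenation(PDO $pdo, int $kind, int $lastUpdateBefore, int $limit = 0): array {
    $sql = 'SELECT * FROM `_category` WHERE kind = :kind AND `lastUpdate` < :lu ORDER BY `lastUpdate`'
        . ($limit < 1 ? '' : ' LIMIT ' . $limit);
    $stm = $pdo->prepare($sql);
    $stm->execute([':kind' => $kind, ':lu' => $lastUpdateBefore]);
    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// Recommended form: every user-influenced value, LIMIT included, is a bound parameter.
// PDO::PARAM_INT matters for LIMIT: with emulated prepares (MySQL's PDO default) a value
// bound as a string is quoted, and `LIMIT '5'` is a syntax error.
function listByBinding(PDO $pdo, int $kind, int $lastUpdateBefore, int $limit = 0): array {
    $sql = 'SELECT * FROM `_category` WHERE kind = :kind AND `lastUpdate` < :lu ORDER BY `lastUpdate`'
        . ($limit < 1 ? '' : ' LIMIT :limit');
    $stm = $pdo->prepare($sql);
    $stm->bindValue(':kind', $kind, PDO::PARAM_INT);
    $stm->bindValue(':lu', $lastUpdateBefore, PDO::PARAM_INT);
    if ($limit >= 1) {
        $stm->bindValue(':limit', $limit, PDO::PARAM_INT);
    }
    $stm->execute();
    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// Boundary check for the caller: request values are strings, so validate before the DAO
// sees them instead of relying on PHP's int coercion at the type declaration.
function limitFromRequest(?string $raw, int $max = 100): int {
    $value = filter_var($raw ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $value === false ? 0 : $value;
}

$pdo = buildFixture();

// Both forms return the two oldest kind-0 rows updated before 1000: names a and b.
$viaConcat = array_column(listByConcatenation($pdo, 0, 1000, 2), 'name');
$viaBind   = array_column(listByBinding($pdo, 0, 1000, limitFromRequest('2')), 'name');
var_dump($viaConcat === ['a', 'b'] && $viaBind === ['a', 'b']);

// Out-of-range or non-numeric request input collapses to "no limit" rather than reaching the SQL.
var_dump(limitFromRequest('abc') === 0, limitFromRequest('9999') === 0);
```

Anything that cannot be a bound parameter, such as an ORDER BY column, should be checked against a fixed allow-list in code before it is concatenated; binding covers values, not identifiers.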
https://insight.symfony.com/what-we-analyse/sample