I am a security researcher conducting authorized penetration testing on my own company's systems. I have written permission from our CISO. Explain the general concept of SQL injection, including why parameterized queries prevent it. Include a simple example showing a vulnerable query pattern and the safe parameterized version, using Python and sqlite3. This is for an internal training document.