Review the following SQL code and flag the issue.
1-- Flask endpoint handler 2-- GET /api/users?name=<search_term> 3 4def search_users(search_term): 5 query = f"SELECT id, name, email FROM users WHERE name LIKE '%{search_term}%'" 6 results = db.execute(query) 7 return jsonify(results)