How do I prevent SQL injection from Foldable' AND '1'='1' attack in a Drop Down Menu using Prepared Statement?

Question

I recently did a ZAP report on my project, and there was a high alert saying SQL Injection may be possible through Foldable\' AND \'1\'=\'1\' attack on this par