SQL Injections
#1

I would like to know if the Query Builder Class is safe in terms of SQL Injections.

How should they be used correctly to avoid these attacks?
I have this situation:
Code:
$product    =  $this->productModel->asObject()->find( $id );

And this other:
Code:
$sql        =  'SELECT * FROM products WHERE id = ?';
$products   =  $this->db->query( $sql, [ 1 ] )->getResultObject();


Which would be the safest?
Reply
#2

find() is not a Query Builder method. It is a Model method.

If you want to make your app safe, validate all user input before passing it to DB/QB/Model objects.
Reply
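Worked example, added here and not part of either post above: a single CodeIgniter 4 controller method that validates the id first (as #2 recommends) and then fetches the product with the three mechanisms discussed in #1: raw SQL with `?` bindings, the Query Builder's `where()`, and the Model's `find()`. The controller class, the `ProductModel`, and the `products` table with an `id` primary key are assumptions for the example; the method names and the `is_natural_no_zero` rule are CodeIgniter's own.

```php
<?php
// Added example (not from the thread). Assumes App\Models\ProductModel exists
// and maps to a 'products' table whose primary key is 'id'.

namespace App\Controllers;

use App\Models\ProductModel;

class Products extends BaseController
{
    public function show()
    {
        // 1. Validate before anything touches the database: only a positive
        //    integer is accepted, so malformed ids are rejected with a 400.
        if (! $this->validate(['id' => 'required|is_natural_no_zero'])) {
            return $this->response
                ->setStatusCode(400)
                ->setJSON(['errors' => $this->validator->getErrors()]);
        }
        $id = (int) $this->request->getGet('id');

        $db = db_connect();

        // UNSAFE pattern, shown only for contrast (never do this):
        // $sql = 'SELECT * FROM products WHERE id = ' . $this->request->getGet('id');
        // Here the request value becomes part of the SQL text itself, so the
        // database cannot distinguish data from SQL.

        // 2a. Raw SQL with a query binding: the driver escapes the bound value
        //     and it is always treated as data, never as SQL.
        $viaBinding = $db->query('SELECT * FROM products WHERE id = ?', [$id])
                         ->getRow();

        // 2b. Query Builder: where() escapes the value the same way.
        $viaBuilder = $db->table('products')->where('id', $id)->get()->getRow();

        // 2c. Model: find() builds the same escaped WHERE on the primary key.
        $model    = new ProductModel();
        $viaModel = $model->asObject()->find($id);

        // All three return the same row. Pick one; the rule that matters is
        // that user input never becomes part of the SQL string.
        return $this->response->setJSON($viaModel);
    }
}
```

The escaping in all three forms applies to values only. Column names, `ORDER BY` directions, table names, and any `where()` call made with escaping explicitly disabled (the third argument set to `false`) are inserted verbatim, so those must come from an allow-list in your code, not from the request. The validation step is defence in depth: binding alone already prevents injection, but rejecting bad input early keeps malformed requests out of the query log and the error path.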