This snippet demonstrates how to safely run SQL queries using placeholders to prevent SQL injection.
global $wpdb;
$post_status = 'publish';
$query = $wpdb->prepare("SELECT * FROM {$wpdb->prefix}posts WHERE post_status = %s", $post_status);
$results = $wpdb->get_results($query);
foreach ($results as $post) {
echo $post->post_title . "<br>";
}