How you execute queries on your concrete5 database is important. Always make sure you're using proper bind variables to avoid SQL injection. Here's an example:
// Get the concrete5 database object.
$db = Loader::db();

// Update an existing row. The values are handed over as a separate array and
// matched to the ? placeholders in order; they are never concatenated into the
// SQL string. Placeholders stand for values only, not table or column names.
$db->Execute(
    'UPDATE table SET column=? WHERE id=?',
    array('test', 1)
);

// Fetch every matching row into an array in one call.
$allRows = $db->GetAll(
    'SELECT column FROM table WHERE user_id=?',
    array(1)
);

// Alternatively, run the query and walk the result set one row at a time.
$result = $db->Execute(
    'SELECT column FROM table WHERE user_id=?',
    array(1)
);
for ($row = $result->FetchRow(); $row; $row = $result->FetchRow()) {
    // NOTE(review): the value is printed as-is; bind variables protect the
    // query, not the output, so escape it for the context it is written into
    // (e.g. htmlspecialchars() for HTML).
    echo $row['column'];
}