I have this code:
    public static function generateFoldersData( $orderBy = 'ord', $order = 'ASC', $additionalParams = false )
    {
        global $wpdb;

        // Base query
        $sql    = "SELECT * FROM {$wpdb->prefix}luvre_folders WHERE created_by = %d";
        $params = [ apply_filters( 'luvre_folder_created_by', 0 ) ];

        $post_type = Helpers::get_cookie_current_post_type();

        // Public API, allow administrator roles to get all folders from all users
        if ( $additionalParams && $additionalParams[ 'uroles' ] === 'administrator' && apply_filters( 'luvre_folder_get_all_folders', false ) ) {
            // "WHERE 1=1" keeps the query valid when " AND post_type = %s" is appended below
            $sql    = "SELECT * FROM {$wpdb->prefix}luvre_folders WHERE 1=1";
            $params = [ ];
        }

        // Add type filter if provided
        if ( ! empty( $post_type ) ) {
            $sql      .= ' AND post_type = %s';
            $params[ ] = $post_type;
        }

        // Validate and sanitize the orderBy and order values
        $allowed_orderby = [ 'ord', 'name', 'created' ];
        $allowed_order   = [ 'ASC', 'DESC' ];

        $orderBy = in_array( $orderBy, $allowed_orderby ) ? $orderBy : 'ord';
        $order   = in_array( strtoupper( $order ), $allowed_order ) ? strtoupper( $order ) : 'ASC';

        // Append ORDER BY clause dynamically
        $sql .= " ORDER BY {$orderBy} {$order}";

        // Get all folders
        $folders = $wpdb->get_results( $wpdb->prepare( $sql, ...$params ), OBJECT );

        return $folders;
    }
When I scan using Plugin Check (PCP), I always get the following error:
502 56 ERROR WordPress.DB.PreparedSQL.NotPrepared Use placeholders and $wpdb->prepare(); found $sql
I've tried all solutions, ChatGPT, Gemini, DeepSeek, but none of them can solve this. I can't and don't want to use //phpcs:ignore in this case. Please help me, and thanks in advance.