Sorry to bark in with harsh criticism, but I have several points to object:

1. The SQL code is vulnerable to SQL Injection
2. having a user object doing SQL violates the SOLID principle.
3. having the find method "populate" the same user method over and over again is not really good OOP and leads to very hard to maintain code.

From your recent comment I see that this blog post is already older and just republished here. Personally I think showing this kind of code as good OOP is dangerous rather than helpful.