1 comment

[ 3.5 ms ] story [ 10.3 ms ] thread
Well, afaik most SQL dialects, drivers and programming languages support parameterised and prepared statements...

Has there ever been ANY reason to use string concatenation instead of parameterised / prepared statements? I think there should be not one single tutorial explaining sql with string concatenation...

And why is this feature so often not working for identifiers like table names?

I would love to hear opinions to that...