Well, afaik most SQL dialects, drivers and programming languages support parameterised and prepared statements...
Has there ever been ANY reason to use string concatenation instead of parameterised / prepared statements? I think there should be not one single tutorial explaining sql with string concatenation...
And why is this feature so often not working for identifiers like table names?
1 comment
[ 3.5 ms ] story [ 10.3 ms ] threadHas there ever been ANY reason to use string concatenation instead of parameterised / prepared statements? I think there should be not one single tutorial explaining sql with string concatenation...
And why is this feature so often not working for identifiers like table names?
I would love to hear opinions to that...