by rgharris 2345 days ago
I agree, end-to-end tests have been really valuable for catching SQL issues in my experience.

> Identify unsafe queries that could potentially lead to SQL injections

This feature seems like a perfect use case for static analysis and would be a great tool in addition to automated tests.

2 comments
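A minimal illustration of the kind of static check the comment above has in mind, added here as an example and not code from the thread or from any real tool: it walks a constructed Python snippet with the standard `ast` module and flags `execute`-style calls whose SQL argument is assembled at run time (concatenation, `%`, `str.format`, f-strings) while leaving the parameterized call alone. The sink method names and the sample program are assumptions made for the example.

```python
import ast

# Constructed sample program (not from the thread) exercising five query styles.
# Line 1 of the string is the empty line after the opening quotes.
SAMPLE_SOURCE = '''
import sqlite3
conn = sqlite3.connect(":memory:")
cur = conn.cursor()
name = input()
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")      # concatenation
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")           # f-string
cur.execute("SELECT * FROM users WHERE name = '%s'" % name)         # % formatting
cur.execute("SELECT * FROM users WHERE name = '{}'".format(name))   # str.format
cur.execute("SELECT * FROM users WHERE name = ?", (name,))          # parameterized
'''

# DB-API methods whose first argument is the SQL statement (assumed sink list).
SQL_SINKS = {"execute", "executemany", "executescript"}


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the expression builds a string at run time from other values."""
    if isinstance(node, ast.JoinedStr):                 # f"..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                     # "a" + b  or  "..." % b
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"              # "...".format(b)
    return False


def find_unsafe_queries(source: str) -> list[int]:
    """Line numbers of sink calls whose SQL text is assembled dynamically."""
    tree = ast.parse(source)
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS
                and node.args
                and _is_dynamic_string(node.args[0])):
            hits.append(node.lineno)
    return hits


if __name__ == "__main__":
    for line in find_unsafe_queries(SAMPLE_SOURCE):
        print(f"line {line}: SQL statement built from a dynamic string")
```

The check is deliberately syntactic: it only looks at the expression passed directly to the sink, so a dynamic string assigned to a variable first would slip past it. That is the gap a real analyzer closes with data-flow tracking, and it is also why the comment pairs static analysis with tests rather than replacing them.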

Just don't use string mangling to combine parameters and queries. The most you should do is a switch/case in a loop, or something like it, doing state-machine execution to combine fixed strings. And that only because, with such harsh restrictions, one does not accidentally build something general enough to allow for SQL injection.
And static analysis is not limited to build time so it can provide value even earlier.
Or later, if your program grows from a small hack to an important application.
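The two points in this comment side by side, as an added example that is not part of the thread: a lookup that splices the caller's string into the SQL text, the same lookup with the value bound as a parameter, and the "fixed fragments only" approach for the one place a parameter cannot go (a column name and sort direction in ORDER BY). The table, rows, allowlists and test payload are constructed for the example; it uses Python's sqlite3 module with an in-memory database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with a few sample rows (not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Vulnerable form: the caller's value becomes part of the SQL text."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Hardened form: the value travels as a bound parameter, never as SQL."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


# Identifiers and keywords cannot be bound as parameters. Following the comment's
# advice, the only dynamic choice is WHICH fixed fragment to use; the input itself
# never reaches the statement. (Allowlists are constructed for the example.)
SORT_COLUMNS = {"name": "name", "role": "role", "id": "id"}
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def list_users_sorted(conn: sqlite3.Connection, sort_by: str, order: str) -> list[str]:
    """Return user names ordered by an allowlisted column and direction."""
    try:
        column = SORT_COLUMNS[sort_by]
        direction = SORT_ORDERS[order.lower()]
    except KeyError as exc:
        # Unknown option: refuse rather than fall through to the raw input.
        raise ValueError(f"unsupported sort option: {exc.args[0]!r}") from None
    # Both pieces are constants from the tables above, so concatenation here is
    # the 'combine fixed strings' case the comment allows.
    sql = "SELECT name FROM users ORDER BY " + column + " " + direction
    return [row[0] for row in conn.execute(sql).fetchall()]


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"          # constructed test input
    print(find_user_unsafe(conn, payload))   # every row comes back
    print(find_user_safe(conn, payload))     # no user has that literal name
    print(list_users_sorted(conn, "name", "desc"))
```

The concatenation in `list_users_sorted` would still be flagged by a purely syntactic checker, which is the intended trade-off: by convention the only strings ever joined there are allowlist values, so a reviewer can confirm the restriction holds by reading the two tables rather than every call site.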