by _y5hn
1786 days ago
Unless you're using hardcoded values, using bind variables is the only proper way. Otherwise, the DBMS has difficulty recognizing the same query pattern for performance, and you're open to injection vulnerabilities for security. https://www.databasestar.com/sql-bind-variables/ The big problem is the shitty workplace environment of today that discourages sharing, learning and proper software development. A proper build-pipeline will include security scanners that detect these vulnerabilities automagically.
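The two points made in the comment above (one reusable statement text, and no injection), as an added example that is not part of the original comment. It uses Python's built-in `sqlite3`; the `users` table, its rows, the function names and the hostile input are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data (assumption: a simple users table).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concatenated(db, name, seen):
    # Anti-pattern: the value becomes part of the SQL text itself.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    seen.add(sql)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name, seen):
    # Bind variable: the SQL text is constant, the value travels separately.
    sql = "SELECT secret FROM users WHERE name = ?"
    seen.add(sql)
    return [row[0] for row in db.execute(sql, (name,))]

def compare(inputs):
    """Run every input through both styles and summarise what the DBMS saw."""
    db = make_db()
    concat_texts, bound_texts = set(), set()
    concat_rows = [lookup_concatenated(db, n, concat_texts) for n in inputs]
    bound_rows = [lookup_bound(db, n, bound_texts) for n in inputs]
    return {
        # Distinct statement texts: each one is parsed and planned separately.
        "concat_statements": len(concat_texts),
        "bound_statements": len(bound_texts),
        "concat_rows": concat_rows,
        "bound_rows": bound_rows,
    }

# Constructed inputs: two ordinary names and one value containing a quote.
SAMPLE_INPUTS = ["alice", "bob", "x' OR '1'='1"]

if __name__ == "__main__":
    for key, value in compare(SAMPLE_INPUTS).items():
        print(key, value)
```

With concatenation the quoted input changes the meaning of the `WHERE` clause and every distinct value produces a new statement text; with the bind variable the same input is compared as a plain string and matches nothing.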