I've been coding for over 20 years now! (WOAH, do I feel old)
I've touched just about every resource imaginable under the Sun (too bad they were bought out by Oracle)
instead of executing the SQL, print the SQL out to the console or a file.
You'll start to notice that the way you're building the SQL query string is unsafe, if it doing in-place replacing without converting to SQL native and properly escaped strings.
instead of executing the SQL, print the SQL out to the console or a file.
You'll start to notice that the way you're building the SQL query string is unsafe, if it doing in-place replacing without converting to SQL native and properly escaped strings.
I did not understand what you meant!
Can an example be given?