| ▲ | crazygringo 3 days ago |
| What's wrong with string concatenation? |
|
| ▲ | whatevaa 3 days ago | parent | next [-] |
| Guaranteed source of bugs in complex cases. |
| |
| ▲ | crazygringo 3 days ago | parent [-] |
| More complex cases are more likely to have bugs period, just in their logic. String concatenation isn't really a major source of that. Just make sure your parentheses match, as you need to do no matter what, and include a space at the start and end of each string to make sure you don't accidentally smush terms together likethis. |
|
|
| ▲ | t-writescode 3 days ago | parent | prev [-] |
| Simpler SQL injection risk and more testing to make sure all potential branching paths don’t result in invalid SQL. |
| |
| ▲ | webstrand 3 days ago | parent [-] |
| There's zero danger of sql injection so long as everything is being passed by parameters. You just concatenate placeholders when you need string concatenation to build the query. |
| ▲ | crazygringo 3 days ago | parent [-] |
| Exactly this. And if you're testing, you've got to test every query combination anyways. It's not just syntax that can be wrong, but logic and performance. |
|
|
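The placeholder concatenation discussed in the thread above, as an added example that is not part of any comment. The `users` table, the function names and the `SORTABLE` allow-list are assumptions made for illustration; it uses Python's standard `sqlite3` module and constructed sample rows.

```python
import sqlite3

# Hypothetical allow-list: identifiers cannot be bound as parameters, so the
# sort column is picked from fixed strings and never taken from raw input.
SORTABLE = {"name": "name", "age": "age"}

def build_user_query(name=None, min_age=None, ids=None, sort="name"):
    """Return (sql, params). Only fixed text and '?' are ever concatenated."""
    clauses, params = [], []
    if name is not None:
        clauses.append("name = ?")
        params.append(name)
    if min_age is not None:
        clauses.append("age >= ?")
        params.append(min_age)
    if ids is not None:
        if ids:
            # One placeholder per value; the values travel separately.
            clauses.append("id IN (" + ", ".join("?" for _ in ids) + ")")
            params.extend(ids)
        else:
            # "IN ()" is invalid SQL, so this branch needs its own handling.
            clauses.append("1 = 0")
    sql = "SELECT id, name FROM users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY " + SORTABLE[sort]  # KeyError for anything not listed
    return sql, params

def demo():
    """Run a hostile-looking value through the builder on constructed data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", 30), (2, "bob", 17), (3, "x' OR '1'='1", 40)],
    )
    sql, params = build_user_query(name="x' OR '1'='1", min_age=18)
    # The quote characters are data, so only the row with that literal name matches.
    return db.execute(sql, params).fetchall()
```

Each optional filter is a separate branch of the generated SQL, so the empty-list case and the no-filter case each need their own test.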