What is SQL Injection and how to fix it (bootsity.com)
Has there ever been ANY reason to use string concatenation instead of parameterised / prepared statements? I think there should be not one single tutorial explaining SQL with string concatenation...
And why is this feature so often not working for identifiers like table names?
I would love to hear opinions on that...