Nick Kew wrote:
If the docs are not clear to you, I think that demonstratesthe need for further review. What is unclear about ¨The underlying library doesn't support prepared statements,so the driver emulates them, and the untrusted input is merged into the SQL statement.¨
I guess my point is, why do we enable this without requiring the user to explicitly choose this client? Caveat emptor; it shouldn't happen without user intervention. Bill
