On Sat, 20 Nov 2010 18:03:34 -0500, Kagamin wrote:
> Adam D. Ruppe Wrote:
>
>> Meh, I find the placeholders to be much better (safer too):
>>
>> db.query("select id from objects where type = ?", typeName);
>
> I use it too, but found it hard to maintain/check ordering and meaning
> of parameters when you edit the query, add or remove parameters.
Isn't that a small price to pay to avoid SQL injection attacks?

Best,
Graham
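The trade-off discussed above (positional `?` placeholders are safe but easy to mis-order when a query is edited) can be shown side by side. The following is an added example, not code from the thread or from the D library being discussed; it uses Python's standard `sqlite3` module, an in-memory table, and constructed sample rows. It contrasts string concatenation with the positional placeholder from Adam's snippet, and adds a named-placeholder form that addresses Kagamin's maintenance concern by binding each value by name rather than by position.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example; not from the original thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table objects (id integer primary key, type text, owner text)")
    conn.executemany(
        "insert into objects (type, owner) values (?, ?)",
        [("widget", "alice"), ("gadget", "bob"), ("widget", "carol")],
    )
    return conn


def query_unsafe(conn, type_name):
    # String concatenation: the caller's value becomes part of the SQL text,
    # so a quote character in the input changes the query's structure.
    sql = "select id from objects where type = '" + type_name + "'"
    return [row[0] for row in conn.execute(sql)]


def query_positional(conn, type_name):
    # Positional '?' placeholder, the form used in the thread's db.query example.
    # The value is bound as data and can never be parsed as SQL.
    sql = "select id from objects where type = ?"
    return [row[0] for row in conn.execute(sql, (type_name,))]


def query_named(conn, type_name, owner):
    # Named placeholders: each value is bound by name, so reordering the
    # conditions or adding a parameter later cannot silently swap values,
    # while injection safety is unchanged.
    sql = "select id from objects where owner = :owner and type = :type"
    params = {"type": type_name, "owner": owner}
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    hostile = "' or '1'='1"  # textbook illustration of a quote-breaking input
    print("unsafe:    ", query_unsafe(db, hostile))      # every row leaks
    print("positional:", query_positional(db, hostile))  # no row matches
    print("named:     ", query_named(db, "widget", "carol"))
```

Running it shows that the concatenated query returns every row for the hostile input, while both placeholder forms treat the same string as an ordinary (non-matching) type value. The named form is the usual answer to the ordering problem: the mapping from name to value is explicit in the call, so the query can be edited without re-counting positions.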