I can't think of any reason why placeholders wouldn't be used as a matter of course.
I have seen some cases where not using placeholders gave the database extra information that would result in more efficient query execution plans.
For example, if you have a table with a gender column, and only 2% of the rows have the value F, it might be helpful (in the decision whether to use a certain index or type of join) to let the database see what gender your query is about.
select * from some_table where gender = 'F';
Another example is the page size for paged data.
Of course, those are edge cases, only affect databases sophisticated enough to make those kinds of decisions in the first place (and those databases usually also have means to work around the issue while still using bind variables), and are most often not related to direct user input anyway.
In general, I absolutely agree that not using bind variables is a cardinal sin. If you are using direct interpolation into the query string, be prepared to have a very good explanation for it.
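An added example, not part of the original post: it contrasts a bound value, direct interpolation, and the edge case above where a literal is inlined, restricted here to constants chosen by the program. It uses Python's sqlite3 only to show the injection behaviour (not any query-plan difference); the table contents, function names and the allowlist are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a skewed column, 2 'F' rows out of 100.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE some_table (id INTEGER PRIMARY KEY, gender TEXT)")
    rows = [("F",)] * 2 + [("M",)] * 98
    db.executemany("INSERT INTO some_table (gender) VALUES (?)", rows)
    return db

def count_bound(db, gender):
    # Default: the value travels separately from the SQL text.
    cur = db.execute("SELECT count(*) FROM some_table WHERE gender = ?", (gender,))
    return cur.fetchone()[0]

def count_interpolated(db, gender):
    # Direct interpolation, for comparison only: the input becomes SQL text.
    sql = "SELECT count(*) FROM some_table WHERE gender = '%s'" % gender
    return db.execute(sql).fetchone()[0]

# Hypothetical allowlist: the only literals the program will ever inline.
INLINE_LITERALS = {"F": "'F'", "M": "'M'"}

def count_inlined_literal(db, gender):
    # The database sees a literal, but that literal is a constant picked by
    # the program from the allowlist, never text supplied by the caller.
    try:
        literal = INLINE_LITERALS[gender]
    except KeyError:
        raise ValueError("gender not in allowlist") from None
    sql = "SELECT count(*) FROM some_table WHERE gender = " + literal
    return db.execute(sql).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input that alters the WHERE clause
    print("bound:       ", count_bound(db, hostile))
    print("interpolated:", count_interpolated(db, hostile))
    print("allowlisted: ", count_inlined_literal(db, "F"))
```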