in reply to
Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
in thread Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
If you treat your database as a dumb object store I bet my supadances against your socks that you are using the database very very inefficiently, bogging it down with unoptimized (and unoptimizable) ad-hoc queries, fetching many times more data that you actually need etc.
All I want from my database access layer is to let me call the stored procedures (few of them one statement only) without much fuss, thank you very much.