Current SQL is built by concatenating its variables straight into the query string. This is bad practice for a number of reasons, the big one being vulnerability to SQL injection. Rewrite to use bind variables (parameterised queries) if possible. If the underlying libs don't support them, at least escape or allowlist-validate the input before it reaches the query; that is a weaker fallback, not a substitute, since bind variables keep data out of the SQL parser entirely. Probably best done after/in combination with issue #1.
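For reference, an added example (not code from this project) showing the three options side by side against an in-memory SQLite table: the concatenating form, the bind-variable form, and the escape/allowlist fallback. The table, the `users` rows and the injection payload are constructed for the demo; the project's own schema and DB library are not assumed.

```python
import sqlite3

# Constructed sample data for the demo; not the project's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


# A classic tautology payload: closes the literal, then appends an always-true clause.
INJECTION = "x' OR '1'='1"


# 1. The pattern the issue describes: the variable is spliced into the SQL text,
#    so the attacker's quote characters are parsed as SQL.
def find_user_concat(conn, name):
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


# 2. Bind variables: the SQL text is fixed, the value travels separately and is
#    never parsed as SQL, so the payload is just a name that matches nothing.
def find_user_bound(conn, name):
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# 3a. Fallback if bind variables are unavailable: escape the value for the exact
#     literal context it lands in (here, a single-quoted SQL string literal).
#     This is specific to that context and to this dialect's quoting rules.
def quote_literal(value):
    return "'" + value.replace("'", "''") + "'"


def find_user_escaped(conn, name):
    sql = "SELECT name, role FROM users WHERE name = " + quote_literal(name)
    return conn.execute(sql).fetchall()


# 3b. Bind variables cannot carry identifiers (column or table names), so for a
#     user-chosen ORDER BY column the right tool is an allowlist, not escaping.
ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def list_users_sorted(conn, sort_col):
    if sort_col not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_col)
    # Safe to interpolate: sort_col is one of our own constants at this point.
    return conn.execute("SELECT name FROM users ORDER BY " + sort_col).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat   :", find_user_concat(db, INJECTION))   # every row leaks
    print("bound    :", find_user_bound(db, INJECTION))    # []
    print("escaped  :", find_user_escaped(db, INJECTION))  # []
    print("sorted   :", list_users_sorted(db, "name"))
```

The escaping fallback only covers the one context it was written for: a value dropped into a numeric position, a `LIKE` pattern, or a dialect with backslash escapes (MySQL) needs different handling, which is why the issue rightly prefers bind variables wherever the library supports them.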