Ken Ken - 5 months ago 36
SQL Question

Internal vs Extenal use of parameterized sql command

In terms of SQL injection, I understand why parameterizing a string parameter is important. But is it acceptable or justified to not parameterize a command when working with let's say a database dependent software for a company which is primarily targeted on internal use rather than that of external influence?


In my view, that is an exception as it relates to discarding parameterizing a command when it is based internally but just for practice and for the sake of just improving as a developer. Practice doing it the right way and take no short cuts