> I do talk about how this is an upgrade from plain SQL
This statement is about functionality / ease of use, which is fairly orthogonal to (preventing) SQL injection: with plain SQL it's perfectly possible to avoid injection attacks; in fact, that's probably the most common and easiest way to do it. In that sense, if anything this is a downgrade from regular SQL.