We should use parameter binding instead of literal concatenation on dictionary queries for methods such as DoGetPrimaryKeys
prmoore77 opened this issue
Using concatenated literals is not recommended as it is far more susceptible to SQL injection, forces the database to re-parse the SQL, etc.
We should use DuckDB's prepare and execute methods with parameter binding to improve the security as well as the performance of these queries.
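The contrast the issue describes, as an added illustration (this is not code from the project or from the issue author): a catalog lookup in the shape of DoGetPrimaryKeys written once by splicing the caller's schema and table names into the SQL text, and once with `?` placeholders bound as parameters. The catalog table, its rows, and the `pk_catalog` name are constructed stand-ins for whatever catalog view the real method queries. The block runs against DuckDB when the `duckdb` Python module is installed (its `execute(sql, params)` call is the prepare-bind-execute sequence the issue refers to); as a fallback assumption it runs the identical code against the standard-library `sqlite3` module, which uses the same placeholder and calling convention, so the injection and the fix look the same in either engine.

```python
"""
Literal concatenation vs. parameter binding for a catalog lookup.
Added example, not project code. Table name and rows are constructed.
"""
try:
    import duckdb
    con = duckdb.connect(":memory:")
except ImportError:  # assumption: sqlite3 as a stand-in engine when duckdb is absent
    import sqlite3
    con = sqlite3.connect(":memory:")

# Constructed stand-in for the catalog view a DoGetPrimaryKeys implementation
# would consult. Rows are made up; one table name contains an apostrophe on purpose.
con.execute(
    "CREATE TABLE pk_catalog (schema_name TEXT, table_name TEXT, column_name TEXT)"
)
con.executemany(
    "INSERT INTO pk_catalog VALUES (?, ?, ?)",
    [
        ("main", "orders", "order_id"),
        ("main", "customers", "customer_id"),
        ("hr", "salaries", "employee_id"),
        ("main", "o'reilly", "id"),
    ],
)


def primary_keys_concat(schema: str, table: str) -> list:
    """VULNERABLE: caller-supplied names are spliced into the SQL text, so a
    quote in the value ends the literal and becomes part of the query."""
    sql = (
        "SELECT column_name FROM pk_catalog "
        f"WHERE schema_name = '{schema}' AND table_name = '{table}'"
    )
    return sorted(row[0] for row in con.execute(sql).fetchall())


def primary_keys_bound(schema: str, table: str) -> list:
    """FIXED: '?' placeholders. The engine parses the statement once and binds
    the values as data, so they can never change the shape of the query."""
    sql = (
        "SELECT column_name FROM pk_catalog "
        "WHERE schema_name = ? AND table_name = ?"
    )
    return sorted(row[0] for row in con.execute(sql, [schema, table]).fetchall())


# A table name that closes the literal and widens the predicate to every row.
INJECTED = "x' OR '1'='1"


def demo() -> dict:
    """Run both variants on a hostile name, an honest name, and a name with
    an apostrophe; return the observations for inspection or assertion."""
    try:
        concat_quoted = primary_keys_concat("main", "o'reilly")
    except Exception:  # engine-specific parse error: the literal was broken
        concat_quoted = "parse error"
    return {
        # concatenation lets the hostile name enumerate keys across all schemas
        "concat_injected": primary_keys_concat("main", INJECTED),
        # binding treats the same string as a (non-existent) table name
        "bound_injected": primary_keys_bound("main", INJECTED),
        # honest lookups agree in both variants
        "concat_orders": primary_keys_concat("main", "orders"),
        "bound_orders": primary_keys_bound("main", "orders"),
        # a legitimate name containing a quote breaks the concatenated query
        # but is handled correctly when bound
        "concat_quoted": concat_quoted,
        "bound_quoted": primary_keys_bound("main", "o'reilly"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the injected name does two things to the concatenated query: it leaks rows from schemas the caller never asked about, and it changes the statement text on every call, so the engine has to parse and plan a fresh statement each time. The bound form keeps one statement text regardless of input, which is what makes it both safe and cacheable.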