1. String operations are more error-prone.
2. SQL statements may inevitably appear inCodeAnd cannot sit down to code and data separation. CodeReadabilityLower.
3.Efficiency. In many cases, you need to execute the same SQL statement multiple times, but the parameters are different. if you use preparedstatement (Java), you only need to compile the SQL statement for the first execution, and the execution efficiency can be improved.
4. if the Code uses string operations to concatenate SQL statements, it is impossible to find SQL statement errors during the compilation phase. if you use the method provided by the class library to set parameters, you can set the parameter type during compilation.
5. if you want to modify the SQL statement later, such as adding a filter condition to the where condition, or changing the filter condition sequence to optimize the performance, you will find that String concatenation is a disaster, especially when SQL statements are complex (including nesting and intersection of multiple tables ).
6.Security. String concatenation SQL statements are vulnerable to SQL injection attacks.
7. Can it be reconstructed in the future? The earlier the change, the lower the cost.