Hi folks, I have a working patch sitting on DERBY-4208. I am wondering if this is a fix we should consider including for 10.5.2?
The pro argument is that this is a usability issue, and to the extent it forces the app to construct SQL on the fly, makes the app more vulnerable to injection attacks, at least in theory. A user has asked for it. On the contra side, we have the fact that dynamic arguments are not allowed by the SQL standard for this construct, at least not yet. Personally I think it's a nice extension. Thoughts? Dag
