Doing so makes the SQL easier to maintain and secures your application from SQL injection attacks.

这样做可使SQL更加易于维护，且可使您的应用程序免受SQL注入攻击。

youdao

In an SQL injection attack, a program creates an SQL command and sends it to an SQL interpreter.

在SQL注入攻击中，程序会创建一个SQL命令，并将其发送给SQL解释器。

youdao

A SQL injection vulnerability occurs when a user is able to pass SQL code directly to the application in such a way that the code will be executed in a query.

如果用户能够将SQL代码直接传递给应用程序，此代码将在一个查询中执行，那么就可能发生SQL注入攻击。

youdao

The vast majority of those millions of passwords became public after the breach of RockYou.com, a social networking applications site penetrated by cybercriminals using an SQL-injection.

FORBES: Researcher Creates Clearinghouse Of 14 Million Hacked Passwords

But most of those sites still remain vulnerable to SQL injection--meaning the same group of hackers or a copycat group could use similar techniques to redirect the sites' visitors to another server hosting malicious software, Danchev argues.

FORBES: Magazine Article

Plenty of folks in the cyber security field have debated whether the rise of Anonymous would actually lead to increased spending on services like protection from DDoS attacks, which can temporarily paralyze a website, and SQL injection-type attacks that can raid a database and sometimes purge it of all contents.

FORBES: Anonymous Takes From The Rich, Gives To... The Cyber Security Industry?