Guaranteed source of bugs in complex cases.
More complex cases are more likely to have bugs, period, just in their logic.
String concatenation isn't really a major source of that. Just make sure your parentheses match, as you need to do no matter what, and include a space at the start and end of each string to make sure you don't accidentally smush terms together likethis.
Simpler SQL injection risk and more testing to make sure all potential branching paths don’t result in invalid SQL.
There's zero danger of SQL injection so long as everything is being passed by parameters. You just concatenate placeholders when you need string concatenation to build the query.
Exactly this.
And if you're testing, you've got to test every query combination anyways. It's not just syntax that can be wrong, but logic and performance.
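The approach discussed in this thread, as an added example that is not code from any of the commenters: a query builder that concatenates only fixed SQL fragments and `?` placeholders, while every value travels in the parameter list. The `products` table, the function names and the use of Python's `sqlite3` are assumptions made for illustration.

```python
import sqlite3

def build_search(name=None, min_price=None, categories=None):
    """Return (sql, params). Only fixed fragments and '?' are concatenated."""
    sql = "SELECT id, name FROM products WHERE 1=1 "
    params = []
    if name is not None:
        # Each fragment has a space at both ends so terms never run together.
        sql += " AND name = ? "
        params.append(name)
    if min_price is not None:
        sql += " AND price >= ? "
        params.append(min_price)
    if categories:
        # One placeholder per list element; an empty list adds no clause,
        # because "IN ()" is invalid SQL in many engines.
        marks = ", ".join("?" for _ in categories)
        sql += " AND category IN (" + marks + ") "
        params.extend(categories)
    sql += " ORDER BY id "
    return sql, params

def demo_db():
    """Constructed sample data in an in-memory database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, price REAL, category TEXT)")
    db.executemany(
        "INSERT INTO products (name, price, category) VALUES (?, ?, ?)",
        [("widget", 5.0, "tools"), ("gadget", 15.0, "toys"),
         ("gizmo", 25.0, "tools")])
    return db

def search(db, **filters):
    """Run the built query; the driver binds values, so they stay data."""
    sql, params = build_search(**filters)
    return [row[1] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = demo_db()
    print(search(db, min_price=10, categories=["tools", "toys"]))
    # Constructed hostile-looking input: compared as a literal name, matches nothing.
    print(search(db, name="widget' OR '1'='1"))
```

Every branch combination still yields a distinct query text, so each combination needs its own test for syntax, logic and performance, as the last comment points out.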