R443 – PASSTHRU uses concatenated characters (||) (WMB)

PASSTHRU uses concatenated characters (||) (WMB)

Using a PASSTHRU statement instead of an ESQL SELECT, UPDATE or DELETE has some benefits:
- PASSTHRU statements are more direct and can perform better
- Behind the scenes PASSTHRU generates prepared statements that can be cached and re-used (again better performance)
- Prepared statements provide protection from SQL injection, because parameter values are sent to the database separately from the SQL text and are never parsed as SQL

Appending or concatenating message data into the SQL string negates both benefits: every distinct value produces a different statement text, so nothing can be cached, and the data becomes part of the SQL, so a crafted value can alter the statement.


The following statement can be rewritten by passing the value as a parameter (a ? marker in the SQL text, filled from the VALUES clause) instead of concatenating it into the string. The query is then safe from SQL injection and is cached as a prepared statement going forward. Note that only values can be passed this way; table and column names must remain part of the statement text, so if they have to vary, validate them against a fixed allowlist before building the string.

Before (concatenation, flagged by this rule):
PASSTHRU ('COMMIT ' || someArgument);

After (parameter marker bound from VALUES):
PASSTHRU 'COMMIT ?' VALUES(someArgument);
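A fuller illustration of the same rewrite in a compute node, added here as an example and not taken from the original page or from any product sample. The module name, the data source name Database.ORDERDB, the ORDERS table and the InputRoot.XMLNSC.DeleteOrder.OrderId field are assumptions made for the illustration; the unsafe procedure is included only to show what the rule flags and what an attacker-controlled value does to it.

```esql
-- Added example, not code from the original page. Module, data source, table
-- and message field names are assumed for illustration.
CREATE COMPUTE MODULE OrderFlow_DeleteOrder
  CREATE FUNCTION Main() RETURNS BOOLEAN
  BEGIN
    -- Value taken straight from the inbound message: attacker controlled.
    DECLARE orderId CHARACTER InputRoot.XMLNSC.DeleteOrder.OrderId;
    CALL DeleteOrderSafe(orderId);
    RETURN TRUE;
  END;

  -- VULNERABLE (what R443 flags): the value is spliced into the SQL text.
  -- With OrderId = 1' OR '1'='1 the statement sent to the database is
  --   DELETE FROM ORDERS WHERE ORDER_ID = '1' OR '1'='1'
  -- which deletes every row. Each distinct OrderId also produces a different
  -- SQL string, so the broker cannot reuse a cached prepared statement.
  CREATE PROCEDURE DeleteOrderUnsafe(IN orderId CHARACTER)
  BEGIN
    PASSTHRU 'DELETE FROM ORDERS WHERE ORDER_ID = ''' || orderId || ''''
      TO Database.ORDERDB;
  END;

  -- SAFE: the SQL text is a constant with a ? marker and the value is bound
  -- through VALUES. The driver sends it as data, so the quote and the OR in
  -- the payload above are just characters of an ID that matches no row, and
  -- the single statement text is prepared once and reused for every message.
  CREATE PROCEDURE DeleteOrderSafe(IN orderId CHARACTER)
  BEGIN
    PASSTHRU 'DELETE FROM ORDERS WHERE ORDER_ID = ?'
      TO Database.ORDERDB
      VALUES(orderId);
  END;
END MODULE;
```

Only values can be bound to ? markers; the table and column names in DeleteOrderSafe stay literal, which is what makes the statement text constant and cacheable.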