
With proper escape (un-taint) on any user input, right?


Of course. If it is SQL, you ride on JDBC, which already supports placeholders, so there isn't any need for you to support substitutions for ordinary SQL.

If you want to do more complex "Dynamic SQL", say you are writing a query builder where people can fill out fields to do a complex query, your best bet is jOOQ, which I use heavily at work.
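The placeholder approach the comment above recommends, as an added example that is not the commenter's code: a small Java query builder for the "dynamic SQL" case, where a user fills in filter fields. Column names cannot be bound as placeholders, so they are checked against an allow-list, while every value goes through a JDBC `?` parameter. The `users` table, the in-memory H2 database and the `findUsers` helper are assumptions made for the demo; jOOQ itself is not used here.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
public class DynamicQuery {
    // Identifiers cannot be bound as placeholders, so user-selected columns are
    // checked against an allow-list; values are always bound, never escaped.
    private static final Set<String> FILTERABLE = Set.of("username", "email", "country");
    // Builds e.g. "SELECT id FROM users WHERE username = ? AND country = ?" from the
    // fields a user filled in, binding each value through a JDBC placeholder.
    static List<Long> findUsers(Connection conn, Map<String, String> filters) throws SQLException {
        StringBuilder sql = new StringBuilder("SELECT id FROM users");
        List<String> values = new ArrayList<>();
        String sep = " WHERE ";
        for (Map.Entry<String, String> f : filters.entrySet()) {
            if (!FILTERABLE.contains(f.getKey())) {
                throw new IllegalArgumentException("unknown filter column: " + f.getKey());
            }
            sql.append(sep).append(f.getKey()).append(" = ?");
            values.add(f.getValue());
            sep = " AND ";
        }
        List<Long> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql.toString())) {
            for (int i = 0; i < values.size(); i++) {
                ps.setString(i + 1, values.get(i)); // travels as data, not as SQL text
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) ids.add(rs.getLong("id"));
            }
        }
        return ids;
    }
    public static void main(String[] args) throws SQLException {
        // Constructed demo against an in-memory H2 database (H2 driver assumed on the classpath).
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            conn.createStatement().execute("CREATE TABLE users(id BIGINT, username VARCHAR, country VARCHAR)");
            conn.createStatement().execute("INSERT INTO users VALUES (1, 'alice', 'NL'), (2, 'bob', 'DE')");
            Map<String, String> filters = new LinkedHashMap<>();
            filters.put("username", "alice' OR '1'='1"); // bound literally, so it matches no row
            filters.put("country", "NL");
            System.out.println(findUsers(conn, filters));
        }
    }
}
```

A filter key outside the allow-list is rejected before any SQL is built, which is the check that string escaping alone cannot give you for identifiers.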

