Insert values into SQL queries without parameterization
DESC or ASC keyword in some engines.
interpolate() allows you to send any parenthesized logic directly to the database. Let’s look at some examples:
$1 = 'Latitude'
This process is done differently depending on the database engine you are using, but all of them are secure and prevent SQL injection attacks.
interpolate() with any logic, for example with param(), which is an interesting use case to send the value from a URL or inputs into the raw SQL code.
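The split described above between bound values and raw SQL text, as an added example that is not from the original page and does not use its interpolate() or param() functions. It uses Python's sqlite3 to bind the value as a parameter and to place only an allowlisted ASC/DESC keyword into the SQL text; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Assumption for this example: the only text ever placed into the SQL string.
ALLOWED_DIRECTIONS = {"ASC", "DESC"}

def sort_direction(raw):
    """Map an untrusted value (URL parameter, form input) to a fixed keyword."""
    candidate = (raw or "").strip().upper()
    if candidate not in ALLOWED_DIRECTIONS:
        raise ValueError(f"unsupported sort direction: {raw!r}")
    return candidate

def build_db():
    """Constructed sample data, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE workspaces (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO workspaces (name) VALUES (?)",
                     [("Latitude",), ("Acme",), ("Zenith",)])
    return conn

def names_by_prefix(conn, prefix, direction):
    """Bind the value as a parameter; interpolate only the checked keyword."""
    keyword = sort_direction(direction)
    sql = f"SELECT name FROM workspaces WHERE name LIKE ? ORDER BY name {keyword}"
    return [row[0] for row in conn.execute(sql, (prefix + "%",))]

def binding_keyword_fails(conn):
    """A placeholder cannot stand in for a keyword: SQLite rejects the statement."""
    try:
        conn.execute("SELECT name FROM workspaces ORDER BY name ?", ("DESC",))
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = build_db()
    print(names_by_prefix(db, "", "desc"))
    print(binding_keyword_fails(db))
```

Anything that is a value stays a bound parameter; the interpolated part is limited to a closed set the application defines, so request input never reaches the SQL text unchecked.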