We would like to propose the following improvements to DB-API 2.0 that
would require bumping it up to DB-API 3.0:
- Get rid of SQL strings
- Get rid of SQL strings
- Use package resources to store what would otherwise be SQL strings
While we cannot prevent someone from going out of their way to define
package resources at runtime just so they can implement SQL injection,
ultimately the goal is to provide a small speed bump so they don't feel
so inclined to jump straight into SQL injection before trying to do
easier, more secure things.