in reply to SQL Placeholders - clarification

Use placeholders for everything. Perhaps you don't have as much control over the variables as you think you have? Maybe in future someone will change one of the variables in an unsafe way? By making them placeholders you get automatic protection all of the time with no cognitive effort.