As a developer-cum-dba, my training (and unfortunate self experience) has proven that all database access should be done with command objects and stored procedures, and not dynamic SQL. This prevents...