[wheels]

Do you use prepared statements or concatenate strings to create MySQL queries?  Why?

I have some older systems where I use concatenation, but I've been using prepare for newer code.

[Max]

I usually clean the data pretty rigorously and then concatenate strings.

Do you use prepared statements or concatenate strings to create MySQL queries?  Why?

I have some older systems where I use concatenation, but I've been using prepare for newer code.

[UnrealEd]

I mostly concatenate strings after cleaning the input.

The only place I use prepared statements is in Java code, cause that's the way I learned to work with databases in Java. In all other languages I use concatination