This question popped into my head after reading this article.
However, the more I read about this topic, the more it seems like a Dynamic SQL security issue. So I have 2 questions mainly:
Is there really any difference between this and a Dynamic SQL query that allows injections?
Why would there be a language like HQL that goes through Hibernate (MySQL) to get translated to SQL while using inconsistent character escape marks? It seems counterintuitive. Maybe I missed something.