I was merely getting across the idea that the only injection discussed so far relates to, generally, items in the WHERE clause specifically comparing the value of a column be it integer, string or other type. I've no idea what the proper term is, so column-value was a sufficient stand in.

So we've looked at things like SELECT ... WHERE blah='<injection risk>' or INSERT ... SET blah='<injection risk>' but there are other vulnerable (for want of a slightly more descriptive word) parts to queries that people might not think about. That was my aim for discussion. Really, I'm just trying to steer the conversation away from the stale position it was at.