How is SQL Injection real?

What kind of a backwards language do you have to use that doesn't have the simple feature of protecting you from it out of the box? Are you building you queries by concatenating strings like a CS freshman?

>>13
actually scratch that, you should be using stored procedures for this type of thing. it’s the only way to make this safe.