
Commit f0c56c7

Merge branch 'parameterized' into main
Merge the large set of changes to the SQL injection section to discuss *parameterized* statements, and then note that prepared statement implementations normally include parameterized statement capabilities. This change became large, because as we delved into this, it became clear that we needed to expand this section. In particular, the problems of DBMS-side vs. application-side implementations aren't widely noticed elsewhere, but attacks in 2022 are revealing that it's serious and under-appreciated. I don't want to make material longer than it needs to be, but SQL injections are one of the most devastating attacks on web applications today, so it's appropriate we spend extra time on them. I'm doing a merge commit because I want to make sure that the different people who contributed fixes get some clear credit by the version control system. Thank you everyone!

Signed-off-by: David A. Wheeler <[email protected]>
2 parents 3679d81 + b81cf5b commit f0c56c7

1 file changed: +294 -20 lines changed


0 commit comments
