This was brought to my attention as being bad practice. I could easily move this to a named query, and have no issue or problem doing that; but I think named queries have a time and place. If I am using a query only 1 time for a singular purpose, I generally like to have it in the table local.
Does this open the door (as my criticism suggests) to any sort of SQL injection? Does the table component have any sort of security that would prevent external string manipulation for variables 'query'
I absolutely want to follow best practice, but I also like having some things the way that I have them. Am I in the wrong here?