Note that the final example has a major security flaw - it incorporates strings from the user's request directly into the text of a SQL query. This is subject to 'SQL Injection' - carefully crafted SQL could alter the semantics of the query to return more information than intended by the site authors. Real DB applications will use parameterized SQL these days.
-- Lee Schumacher, March 9, 2005