Of course. I am trying to find it now, but I recently used a sqlite library where, barring bugs in escaping, there were no way to execute SQL queries in the "simple API" with strings that were not compile time constants. A dynamically generated string would be refused with a clear error message pointing to the correct part of the manual.
The raw queries were hidden in a sqlite3/DANGEROUS library. Despite doing things like stepping queries, bypassing the statement cache or mucking around and changing parameterized queries I didn't have to touch the DANGEROUS API.
The raw queries were hidden in a sqlite3/DANGEROUS library. Despite doing things like stepping queries, bypassing the statement cache or mucking around and changing parameterized queries I didn't have to touch the DANGEROUS API.