When do you use static SQL as a technique for avoiding SQL injection?
A.
when the WHERE clause values are unknown
B.
when the code contains data definition language (DDL) statements
C.
when all Oracle identifiers are known at the time of code compilation
D.
when the SET clause values are unknown at the time of code compilation
C?
C , D
HY
Can someone tell me how we can know the SET clause values at compilation time?
Maybe I didn't understand the question….
thanks
http://www.firstsql.com/tutor4.htm
UPDATE Statement
The UPDATE statement modifies columns in selected table rows. It has the following general format:
UPDATE table-1 SET set-list [WHERE predicate]
The optional WHERE clause has the same format as in the SELECT statement. See WHERE Clause. The WHERE clause chooses which table rows to update. If it is missing, all rows in table-1 are updated.
The set-list contains assignments of new values for selected columns. See SET Clause.
The SET clause expressions and WHERE clause predicate can contain subqueries, but the subqueries cannot reference table-1. This prevents situations where results are dependent on the order of processing.
SET Clause
The SET Clause in the UPDATE Statement updates (assigns new value to) columns in the selected table rows. It has the following general format:
SET column-1 = value-1 [, column-2 = value-2] …
column-1 and column-2 are columns in the Update table. value-1 and value-2 are expressions that can reference columns from the update table. They also can be the keyword — NULL, to set the column to null.
Since the assignment expressions can reference columns from the current row, the expressions are evaluated first. After the values of all SET expressions have been computed, they are then assigned to the referenced columns. This avoids results dependent on the order of processing.
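The evaluation-order rule above is easiest to see with a column swap. The following is an added example, not part of the quoted tutorial; the table `pair` and its rows are constructed for it and the statements are written for Oracle.

```sql
-- Constructed sample table for the example (not from the quoted tutorial).
CREATE TABLE pair (
  id NUMBER PRIMARY KEY,
  a  NUMBER,
  b  NUMBER
);
INSERT INTO pair VALUES (1, 10, 20);
INSERT INTO pair VALUES (2, 30, 40);
COMMIT;

-- Every SET expression reads the row as it was BEFORE the statement ran, and
-- the computed values are assigned afterwards. "a = b, b = a" therefore swaps
-- the two columns; it does not copy b into a and then copy the new a back into b.
UPDATE pair SET a = b, b = a;

-- No WHERE clause: every row was updated. Check both rows.
SELECT id, a, b FROM pair ORDER BY id;

-- With a WHERE predicate only the matching row is touched; the expression may
-- still reference the row's own columns.
UPDATE pair SET a = a + b WHERE id = 1;

SELECT id, a, b FROM pair ORDER BY id;
```

After the first UPDATE the rows are (1, 20, 10) and (2, 40, 30); after the second they are (1, 30, 10) and (2, 40, 30). If the engine assigned each column as soon as its expression was evaluated, the first statement would instead leave a and b equal in every row.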
C.
3. Avoiding Dynamic SQL
Because SQL injection is a feature of SQL statements dynamically constructed via user inputs,
it follows that designing your application to be based on static SQL reduces the chances of attack.
http://download.oracle.com/oll/tutorials/SQLInjection/html/lesson3/les03_whylearnit.htm
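The point the question is testing is what "unknown at compile time" refers to. In PL/SQL a SET or WHERE value that is only known at runtime is simply a PL/SQL variable, which the compiler turns into a bind variable; the statement stays static SQL and no text is ever concatenated. Only an identifier that is unknown at compile time (a table or column name chosen at runtime) forces dynamic SQL, and that is where injection becomes possible. The block below is an added PL/SQL example written for this thread, not code from the original post or from either linked tutorial; it goes a step beyond the question by also showing how dynamic SQL should be written when it really is needed. The table `accounts`, its rows and the three procedures are constructed for the example; `DBMS_ASSERT.SIMPLE_SQL_NAME`, `EXECUTE IMMEDIATE ... USING` and `DBMS_OUTPUT` are standard Oracle features.

```sql
-- Constructed sample schema for the example.
CREATE TABLE accounts (
  id      NUMBER PRIMARY KEY,
  owner   VARCHAR2(30),
  balance NUMBER
);
INSERT INTO accounts VALUES (1, 'alice', 100);
INSERT INTO accounts VALUES (2, 'bob',   250);
COMMIT;

-- 1. Static SQL (answer C). The table and column names are fixed in the source,
--    so the statement is parsed when the procedure is compiled. The SET and WHERE
--    values come from PL/SQL variables and become bind variables: their values
--    are unknown until runtime, yet no dynamic SQL is needed and user input can
--    never change the shape of the statement.
CREATE OR REPLACE PROCEDURE set_balance_static (
  p_owner   IN VARCHAR2,
  p_balance IN NUMBER
) AS
BEGIN
  UPDATE accounts
     SET balance = p_balance
   WHERE owner = p_owner;
END;
/

-- 2. Dynamic SQL built by concatenation. The table name is only known at runtime,
--    so static SQL is impossible here, but splicing the VALUES into the text as
--    well is what makes the statement injectable.
CREATE OR REPLACE PROCEDURE set_balance_dynamic_unsafe (
  p_table   IN VARCHAR2,
  p_owner   IN VARCHAR2,
  p_balance IN NUMBER
) AS
  l_sql VARCHAR2(4000);
BEGIN
  l_sql := 'UPDATE ' || p_table
        || ' SET balance = ' || p_balance
        || ' WHERE owner = ''' || p_owner || '''';
  EXECUTE IMMEDIATE l_sql;
END;
/

-- 3. Dynamic SQL done properly: the identifier is validated with DBMS_ASSERT and
--    every value travels as a bind variable through the USING clause, so the
--    runtime-supplied values can only ever be data.
CREATE OR REPLACE PROCEDURE set_balance_dynamic_safe (
  p_table   IN VARCHAR2,
  p_owner   IN VARCHAR2,
  p_balance IN NUMBER
) AS
  l_sql VARCHAR2(4000);
BEGIN
  l_sql := 'UPDATE ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
        || ' SET balance = :b WHERE owner = :o';
  EXECUTE IMMEDIATE l_sql USING p_balance, p_owner;
END;
/

-- Demonstration (run with SET SERVEROUTPUT ON in SQL*Plus / SQLcl).
DECLARE
  -- Constructed payload: closes the quoted string and appends an always-true predicate.
  l_payload VARCHAR2(100) := 'x'' OR 1=1 OR ''a''=''a';
BEGIN
  -- Value unknown at compile time, statement still static: updates alice only.
  set_balance_static('alice', 120);

  -- Concatenation: the WHERE clause becomes  owner = 'x' OR 1=1 OR 'a'='a'
  -- and the balance of EVERY row is set to 0.
  set_balance_dynamic_unsafe('accounts', l_payload, 0);

  -- Same payload through a bind variable: it is compared as a literal owner
  -- name, matches no row, and nothing is changed.
  set_balance_dynamic_safe('accounts', l_payload, 999);

  -- An injected identifier is rejected by DBMS_ASSERT (ORA-44003) before any
  -- SQL is executed.
  BEGIN
    set_balance_dynamic_safe('accounts; DROP TABLE accounts', 'bob', 1);
  EXCEPTION
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('Rejected identifier: ' || SQLERRM);
  END;
END;
/
```

Two caveats a practitioner should keep in mind. `SIMPLE_SQL_NAME` only checks that the string is syntactically a valid SQL name; it does not check that the object exists or that the caller may touch it, so pair it with an allow-list of table names (or use `DBMS_ASSERT.SQL_OBJECT_NAME`, which resolves the object) when the set of legal targets is known. And bind variables protect values only; an identifier, an `ORDER BY` column or a whole predicate can never be bound, which is exactly why the question's answer hinges on identifiers being known at compile time rather than on WHERE or SET values.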