I assume this is just a starting point, and I get that bootstrapping a book from OWASP content is a legitimate way to create a starting point; I'd just say: this is definitely an early starting point.
The justification? Better performance. Didn't the PHP community go through the exact same thing years ago? (With people finally giving up and going back to prepared statements for safety against SQL injection.)
It's so widespread that there are multiple libraries that tout this as a feature!
Note that this was exactly once in 20 years.
Other languages old enough to have been around prior to all this have the same history. Perl, Python, etc.
And having to dynamically change a table name is uncommon.