SQL sanitation is foolproof in the sense of it being possible to do 100% right. We don't do it much because there are other options (like prepared statements) that are easier to get 100% right.
This is an entirely different thing from trying to reduce the probability of an attack working.
zaphar|2 years ago
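
The contrast drawn in the comment above, as an added example that is not part of the original comment: the same lookup written with string concatenation, with hand-written escaping, and with a prepared statement. It assumes SQLite through Python's `sqlite3` module; the `users` table, the function names and the input values are constructed for illustration, and the escaping rule shown is valid for SQLite string literals only.

```python
import sqlite3

def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    return db

def lookup_concat(db, name):
    # Unsanitized: the value is parsed as part of the SQL text.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY name"
    return db.execute(sql).fetchall()

def quote_sqlite_literal(value):
    # Escaping rule for SQLite string literals only: the single quote is the
    # one special character and is doubled. Other dialects differ (for example
    # backslash escapes), which is where hand-written sanitizers go wrong.
    if not isinstance(value, str):
        raise TypeError("expected str")
    if "\x00" in value:
        # Rejected here rather than escaped: NUL has no literal escape.
        raise ValueError("NUL is not allowed in a SQL string literal")
    return "'" + value.replace("'", "''") + "'"

def lookup_escaped(db, name):
    # Sanitized: correct, but only while the rule above matches the engine.
    sql = ("SELECT name, role FROM users WHERE name = "
           + quote_sqlite_literal(name) + " ORDER BY name")
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # Prepared statement: the value is bound and never parsed as SQL.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ? ORDER BY name", (name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:  # constructed inputs
        print(repr(value), lookup_escaped(db, value), lookup_prepared(db, value))
```

The escaped and prepared versions return the same rows for every input; the difference is that the escaped version stays correct only as long as `quote_sqlite_literal` matches the database's quoting rules exactly.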