daneel_w 2 days ago

> "Is there a real-world scenario where data sanitization is required where proper data encoding/escaping is not the better solution?"

In the context of SQL queries which accept variable input, the only correct approach is to parameterize the queries, never to string-encode the variables. So, yes. But perhaps you implied parameterization as well.

jsd1982 2 days ago

Yes, parameterization was implied.
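
The distinction drawn in the thread above, as an added example that is not part of either comment: a string-built query with quote escaping next to a parameterized one, run against a constructed in-memory SQLite table. The table, the sample input and the `escape_quotes` helper are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def escape_quotes(value):
    """Hypothetical string-encoding helper: doubles single quotes only."""
    return value.replace("'", "''")


def lookup_escaped(db, user_id):
    """String-built query: the encoded value is still parsed as SQL text."""
    sql = ("SELECT name FROM users WHERE id = " + escape_quotes(user_id)
           + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, user_id):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]


# Constructed input: it contains no quote characters, so the encoder
# leaves it unchanged, yet it alters the WHERE clause in a numeric context.
UNTRUSTED = "2 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("escaped, benign input:       ", lookup_escaped(db, "2"))
    print("escaped, untrusted input:    ", lookup_escaped(db, UNTRUSTED))
    print("parameterized, benign input: ", lookup_parameterized(db, "2"))
    print("parameterized, untrusted:    ", lookup_parameterized(db, UNTRUSTED))
```

The encoder is correct for the one context it was written for (a quoted string literal) and does nothing in the numeric context, which is why the choice of encoding depends on where the value lands while a bound parameter does not.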