by Scalestein 1106 days ago
I'm guessing they are thinking of a scenario where SELECT * FROM User_Details gets sent directly to the front end.

So even if all you are displaying is the user's name or initials, you would still be sending things like SSN and credit card number to the front end.

1 comments

Sanitizing your inputs is a string issue, not a data structure issue.

Sanitizing your inputs has been known about for literally almost half a century; that should just be default for developers at this point.

> Sanitizing your inputs has been known about for literally almost half a century; that should just be default for developers at this point.

Except if you're a "stupid programmer", in which case such defaults are irrelevant to you. In such cases, one can only hope they're relying on tooling that sanitizes as much as possible for them.
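Both points in this thread (the `SELECT *` over-fetch that Scalestein describes, and the later remark that input handling is a string problem) can be shown in one small runnable script. This is an added example, not code from any commenter; the table layout, the row values and the function names are constructed for illustration. It serialises a `SELECT *` row straight to JSON the way a careless endpoint would, contrasts it with an explicit column list plus a response-side guard that flags secret keys, and then shows why string-built SQL is fragile even on honest input (a surname with an apostrophe) while a parameterised query handles the quoting for you.

```python
import json
import sqlite3

# Constructed sample data (not from the thread): display fields stored
# alongside secrets that must never reach the browser.
ROWS = [
    ("Ada Lovelace", "AL", "123-45-6789", "4111111111111111"),
    ("Brian O'Brien", "BO", "987-65-4321", "5500000000000004"),
]

# Columns that should never appear in a front-end payload (assumed list).
SECRET_COLUMNS = {"ssn", "card"}


def open_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row  # rows behave like dicts keyed by column
    conn.execute(
        "CREATE TABLE User_Details (name TEXT, initials TEXT, ssn TEXT, card TEXT)"
    )
    conn.executemany("INSERT INTO User_Details VALUES (?, ?, ?, ?)", ROWS)
    return conn


def fetch_star_for_frontend(conn, initials):
    """The pattern the comment warns about: SELECT * serialised straight to JSON."""
    row = conn.execute(
        "SELECT * FROM User_Details WHERE initials = ?", (initials,)
    ).fetchone()
    return json.dumps(dict(row))


def fetch_display_fields(conn, initials):
    """Select only what the UI needs, so the secrets never enter the response."""
    row = conn.execute(
        "SELECT name, initials FROM User_Details WHERE initials = ?", (initials,)
    ).fetchone()
    return json.dumps(dict(row))


def response_leaks_secrets(payload):
    """Response-side check: does the JSON carry any secret column as a key?"""
    return bool(SECRET_COLUMNS & set(json.loads(payload)))


def lookup_by_name_concat(conn, name):
    """String-built SQL. A legitimate apostrophe in the input breaks the query."""
    try:
        row = conn.execute(
            "SELECT initials FROM User_Details WHERE name = '%s'" % name
        ).fetchone()
        return row[0] if row else None
    except sqlite3.OperationalError as exc:
        return "ERROR: %s" % exc


def lookup_by_name_param(conn, name):
    """Parameterised query: the driver handles quoting, so O'Brien just works."""
    row = conn.execute(
        "SELECT initials FROM User_Details WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    print("SELECT * payload :", fetch_star_for_frontend(db, "AL"))
    print("explicit columns :", fetch_display_fields(db, "AL"))
    print("concat lookup    :", lookup_by_name_concat(db, "Brian O'Brien"))
    print("param lookup     :", lookup_by_name_param(db, "Brian O'Brien"))
```

The `response_leaks_secrets` guard is the cheap detection you can bolt onto an API layer while the queries are being cleaned up: it catches the over-fetch at the serialisation boundary regardless of which query produced the row.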