by blep_ 958 days ago
SQL sanitization is foolproof in the sense of it being possible to do 100% right. We don't do it much because there are other options (like prepared statements) that are easier to get 100% right.

This is an entirely different thing from trying to reduce the probability of an attack working.
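As an added illustration of the distinction drawn in the comment above (example code written for this page, not the commenter's): a hand-written escaper that is correct for SQLite's string-literal context, the same quote-doubling rule misapplied in a numeric context where it protects nothing, and the parameterized query that needs no per-call-site care. The table, rows and payload strings are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demonstration.
USERS = [("alice", 1), ("bob", 0), ("o'brien", 0)]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, is_admin INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO users (name, is_admin) VALUES (?, ?)", USERS)
    return conn


def quote_sql_string(value: str) -> str:
    """Return `value` as a complete SQLite string literal, quotes included.

    In standard SQL (and SQLite, which has no backslash escapes) the only
    special character inside a single-quoted literal is the single quote,
    written as two single quotes. Emitting the surrounding quotes here makes it
    harder to use the result outside the one context it is correct for.
    """
    if "\x00" in value:
        # A NUL byte cannot be represented in a SQL text literal; refuse rather than truncate.
        raise ValueError("NUL byte in value")
    return "'" + value.replace("'", "''") + "'"


def find_by_name_unescaped(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable baseline: raw interpolation into the query text."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_escaped(conn: sqlite3.Connection, name: str) -> list:
    """Sanitization done right: the value only ever appears as a quoted literal."""
    sql = "SELECT name FROM users WHERE name = " + quote_sql_string(name) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_param(conn: sqlite3.Connection, name: str) -> list:
    """Prepared statement: the driver keeps data out of the SQL text entirely."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


def find_by_id_escaped_wrong(conn: sqlite3.Connection, user_id: str) -> list:
    """The same quote-doubling rule applied where quotes are not the delimiter.

    The author 'sanitized' the input, but in a numeric context there is no
    string literal to break out of, so doubling quotes changes nothing and the
    payload is executed as SQL. This is the kind of per-call-site mistake that
    makes hand escaping hard to get right everywhere.
    """
    sql = "SELECT name FROM users WHERE id = " + user_id.replace("'", "''") + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_id_param(conn: sqlite3.Connection, user_id: str) -> list:
    """Parameterized lookup: the bound text is compared as a value, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unescaped:", find_by_name_unescaped(db, payload))   # every row leaks
    print("escaped:  ", find_by_name_escaped(db, payload))     # []
    print("param:    ", find_by_name_param(db, payload))       # []
    print("escaped, legit quote:", find_by_name_escaped(db, "o'brien"))
    print("wrong context:", find_by_id_escaped_wrong(db, "1 OR 1=1"))  # every row leaks
    print("param id:     ", find_by_id_param(db, "1 OR 1=1"))          # []
```

The escaper is correct for exactly one grammatical position (a quoted string literal) and has to be applied at every interpolation point without exception; the placeholder form moves that obligation into the driver, which is the whole of the "easier to get 100% right" argument.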


Everything is in theory possible to do 100% right. The difficulty of doing so is why people choose better solutions, like prepared statements.