by daneel_w
277 days ago
> "Is there a real-world scenario where data sanitization is required where proper data encoding/escaping is not the better solution?"

In the context of SQL queries which accept variable input, the only correct approach is to parameterize the queries, never to string-encode the variables. So, yes. But perhaps you implied parameterization as well.
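An added example, not part of the comment above: it contrasts string-encoding with parameterization for a value that lands in a numeric position of a query, where quote escaping has nothing to act on. The `accounts` table, its rows, and the helper names are constructed for illustration, using SQLite through Python's `sqlite3` module.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return db


def escape_quotes(value: str) -> str:
    """String-encoding approach: double every single quote."""
    return value.replace("'", "''")


def lookup_escaped(db: sqlite3.Connection, account_id: str) -> list:
    # The value is escaped, but it is spliced into a numeric context with no
    # surrounding quotes, so it is still parsed as SQL syntax.
    sql = "SELECT owner FROM accounts WHERE id = " + escape_quotes(account_id)
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db: sqlite3.Connection, account_id: str) -> list:
    # The value is bound as data after the statement has been parsed; it can
    # only ever be compared against id, never change the query's structure.
    sql = "SELECT owner FROM accounts WHERE id = ?"
    return [row[0] for row in db.execute(sql, (account_id,))]


if __name__ == "__main__":
    db = make_db()
    untrusted = "1 OR 1=1"  # constructed input containing no quote characters
    print("escaped:      ", lookup_escaped(db, untrusted))
    print("parameterized:", lookup_parameterized(db, untrusted))
    print("parameterized, valid id:", lookup_parameterized(db, "1"))
```
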