
Comment by sedeki

6 years ago

A string that is supposed to represent a "name" in a web app context — safe or not? I am referring to potential SQL injections.

Surely, no names contain semicolons, but is it the business-logic part of your app that should determine that names which only contain A-Za-z (or whatever) are safe?

It is contextually dependent, meaning in practice as close to the actual SQL query as possible. Or call to file system, where dots are unsafe, and so on.

Static typing helps here as described in the article.
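The point the comment makes, that "safe" is a property of the sink rather than of the string, can be shown with branded types. The following is an added TypeScript example, not code from the comment or from the article it refers to; the type names (`Untrusted`, `Name`, `SqlParam`, `FsSegment`), the functions, and the table and path used are all made up for the illustration. The business rule for a name is kept deliberately permissive; the SQL sink is made safe by binding the value as a parameter, and the filesystem sink re-checks the same value against its own unsafe characters.

```typescript
// Added example: one input, three sink-specific types. Assumed names only.

// A brand makes two structurally identical string types distinct to the
// type checker, so a raw string cannot be passed where a checked one is required.
type Brand<T, B extends string> = T & { readonly __brand: B };

// Input as it arrives from the request: no guarantees at all.
type Untrusted = Brand<string, "Untrusted">;

// A value the business logic accepts as a "name". Permissive on purpose:
// O'Brien, Müller and J. R. Smith are legitimate names, so this is not an
// injection check and never tries to be one.
type Name = Brand<string, "Name">;

// A string that may reach the database only as a bound parameter,
// never by concatenation into SQL text.
type SqlParam = Brand<string, "SqlParam">;

// A single path component that has been checked for the filesystem sink.
type FsSegment = Brand<string, "FsSegment">;

function fromRequest(raw: string): Untrusted {
  return raw as Untrusted;
}

// Business rule: non-empty, bounded length, Latin letters (ASCII plus the
// Latin-1/Extended ranges as a simplification), spaces, dots, hyphens and
// apostrophes. Says nothing about SQL or paths; that is the sinks' job.
const NAME_RE = /^[A-Za-z\u00C0-\u024F][A-Za-z\u00C0-\u024F .'\-]*$/;

function parseName(input: Untrusted): Name | null {
  const s = (input as string).trim();
  if (s.length === 0 || s.length > 100) return null;
  if (!NAME_RE.test(s)) return null;
  return s as Name;
}

// SQL sink: the only way to obtain a SqlParam is from a Name, and the only
// place it is used is the params array. The query text is a constant, so a
// quote or semicolon inside the name is just data to the driver.
function toSqlParam(name: Name): SqlParam {
  return name as string as SqlParam;
}

interface PreparedQuery {
  readonly sql: string;
  readonly params: readonly SqlParam[];
}

function findUserByName(name: Name): PreparedQuery {
  return {
    sql: "SELECT id, display_name FROM users WHERE display_name = ?",
    params: [toSqlParam(name)],
  };
}

// Filesystem sink: a different context with different unsafe characters.
// A valid Name is not automatically a valid path segment, so it is checked
// again here: dots (traversal), separators and NUL are rejected.
function toFsSegment(name: Name): FsSegment | null {
  const s = name as string;
  if (s.includes(".") || /[\/\\\0]/.test(s)) return null;
  return s as FsSegment;
}

function avatarPath(segment: FsSegment): string {
  // Assumed directory, for illustration only.
  return `/var/app/avatars/${segment}.png`;
}
```

With these types, `findUserByName("Bob")` is a compile error: a raw string is not a `Name`, and a `Name` cannot be spliced into `sql` without an explicit cast that stands out in review. "J. R. Smith" is a perfectly good name and a perfectly good SQL parameter, yet `toFsSegment` rejects it, which is exactly the context dependence the comment describes.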