Comment by kortilla
6 years ago
“DELETE * from table” is a safe string though for something like file contents or perhaps a comment box on a hacker news site.
The term “safe string” is effectively meaningless because it entirely depends on how the internals are going to use it.
But of course nobody is talking about universally safe strings. It's just a name to explain the concept.
Point being, if my database API uses the different types than my random internet input types, compiler will force me to convert/parse those.