I don't really agree with that criticism. The first DB example I used was all about parameterized queries. Still, that doesn't absolve people from at least thinking about escaping stuff; that's why this other example is in there. But I get your point, I'll append the section to make it clearer why I'm referencing a legacy library.
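The contrast the comment draws (a parameterized query versus manual escaping in a legacy library) is easiest to see side by side. The following is an added example, not code from the commenter or from the library under discussion; it uses Python's standard `sqlite3` module on a constructed in-memory table with made-up rows, and the quote-doubling in `lookup_escaped` is an assumed stand-in for whatever escaping helper a legacy library would provide. It shows the concatenated query being hijacked, the escaped and the parameterized lookups both resisting the same payload, and then the caveat a practitioner cares about: quote-doubling only protects the single-quoted string context it was written for, so the same escaping does nothing in a numeric comparison.

```python
import sqlite3

# Constructed sample data; not taken from the original discussion.
SAMPLE_ROWS = [(1, "alice", "s1"), (2, "bob", "s2")]


def make_db():
    """Create a throwaway in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


# Classic tautology payload aimed at a single-quoted string context.
STRING_PAYLOAD = "x' OR '1'='1"
# Payload aimed at an unquoted numeric context; contains no quotes at all.
NUMERIC_PAYLOAD = "1 OR 1=1"


def escape_sql_string(value):
    """Assumed legacy-style escaping: double every single quote.

    This only makes sense inside '...' in the SQL text; it is not a
    general sanitizer and is useless for unquoted contexts.
    """
    return value.replace("'", "''")


def lookup_concat(conn, name):
    """Vulnerable: user input is interpolated straight into the SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_escaped(conn, name):
    """Manual escaping: safe only because the value sits inside quotes."""
    sql = (
        f"SELECT name FROM users WHERE name = '{escape_sql_string(name)}' "
        "ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Parameterized: the driver keeps data and SQL structure apart."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def lookup_by_id_escaped(conn, id_text):
    """Escaping applied in a numeric context: still injectable.

    The escaping helper never sees a quote, so the input passes through
    unchanged and becomes part of the WHERE clause.
    """
    sql = (
        f"SELECT name FROM users WHERE id = {escape_sql_string(id_text)} "
        "ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_param(conn, id_text):
    """Parameterized numeric lookup: the payload is compared as a value."""
    sql = "SELECT name FROM users WHERE id = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (id_text,))]


if __name__ == "__main__":
    db = make_db()
    print("concat   :", lookup_concat(db, STRING_PAYLOAD))
    print("escaped  :", lookup_escaped(db, STRING_PAYLOAD))
    print("param    :", lookup_param(db, STRING_PAYLOAD))
    print("id/escape:", lookup_by_id_escaped(db, NUMERIC_PAYLOAD))
    print("id/param :", lookup_by_id_param(db, NUMERIC_PAYLOAD))
```

Run it and the first lookup returns every user, the escaped and parameterized string lookups return nothing, and the numeric lookup shows the point of the comment: escaping is tied to one quoting context and has to be thought about per call site, whereas the parameterized form needs no such thought.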