That's the purpose of validation. I think we was talking about sanitisation before storage. But I think that if there is a good validation, sanitisation is half taken care of. Sanitisation will still be indispensable even if one is using parameter bindings or prepared statements.

Sure, I'm not talking about no validation or sanitation. I'm talking about as a security measure. Trust the far more secure parameters rather than thinking that escaping some quotes is going to protect you.