The article misstates what 'sanitizing inputs' means.
I agree with posters who recommend passing data as parameters to methods that don't require sanitized input (e.g. stored procedures or KeyValue APIs).
Also, sanitizing input means transforming input so you retain the original content, but without escape or control characters. Sanitizing input does not mean throwing part of the input away (except when you know it is meaningless in your context, e.g. spaces at the end of a name).
While at Amazon, I started a mailing list that sends one curated software engineering tip each day. It still persists, last I heard.
While working there I noticed that other people did productivity hacks I didn't know, and vice versa, all the time, so I created the mailing list. Others had created tip lists before, but they had just posted their own tips on it, and their list fizzled after a few months.
My list had impact because it wasn't "my list" - I just set up a discussion list and a template, and send in the first forty tips or so. After that, it was essentially all other people's tips. My manager had a game-changing suggestion, too: give phonetool icons for people who submit to the list. It served as both motivation and advertising.