Everything mentioned in the editorial is correct. Yet it is incomplete. It fails to give useful, actionable guidance on the most crucial thing: namely, what to do.
Instead of mentioning the many difficult problems with validating names, it should mention the one thing that will fix the problem.
Instead of attempting to validate names and block SQL statements, such code should use the database's parameter mechanism (a parameterised query, where the name is passed as a bound value rather than pasted into the SQL text). That way we end up with Mr Null as a proper row in the database, along with Mrs Create, Miss Drop and the entire Apostrophe family.
We also eliminate a bunch of complex and difficult to maintain code.
In my experience with these, the biggest problem came when we took on a girl who had no family name. She came from a small village; they had no need of such things, so they didn't bother. I bet she left a trail of broken computer systems behind her.