I have a use case where I'm generating a dynamic query before eventually calling session.query(...) with it. I'm providing a parameter map to the function that has input that comes from the user. I figured this input would get automatically sanitized...
