Hacker News

That is why you put your database behind a firewall and do not expose its port to the public internet. There is really no need, except for a handful of real edge cases where you have to expose the port to the internet, and even then you can limit access to specific hosts only.



The article already assumes you don't have direct access to the database server, just a backend that legitimately uses the database but creates queries by simply concatenating strings (with some strings being user-supplied, which in practice makes this as good as direct database access once you have guessed how the query is quoted).
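The mechanism this comment describes, as an added example that is not part of the thread: a lookup built by string concatenation next to the same lookup with a bound parameter, run against a constructed in-memory SQLite table. The table, names and e-mail addresses are made up for the demo.

```python
import sqlite3

# Constructed sample data (not from the original thread). O'Brien is here
# because a legitimate name with a quote already breaks the concatenated query.
ROWS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("O'Brien", "obrien@example.test"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_concat(conn, name):
    # Vulnerable pattern from the thread: the user-supplied value is spliced
    # into the SQL text, so a quote character inside it changes the statement
    # structure instead of being compared as data.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    # Hardened form: the value is sent as a bound parameter and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def concat_is_broken(conn, name):
    # True when the concatenated statement is no longer valid SQL, which is
    # the first symptom you see in logs when quoting is guessed wrong.
    try:
        lookup_concat(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(value), "param ->", lookup_param(db, value))
        if not concat_is_broken(db, value):
            print(repr(value), "concat ->", lookup_concat(db, value))
```

With the parameterised lookup the quoted tautology string matches no row and `O'Brien` matches exactly one; with concatenation the same tautology returns every row and the legitimate name is a syntax error.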


Half this article is about SQL injection attacks.


That won't help you, because the author assumes an SQL injection is at play. Which is quite a stretch. Who is dumping direct POST/GET data straight into SQL without sanitation these days? Maybe some noobs, but then you have a bigger problem.


I still see it today, in code being written in 2018. One can say "noob", but... every year there are new people coming into the field. "Noobs" is an evergreen problem.



