Passing an unsanitized user argument to a function call makes your code insecure. This might allow attackers to modify sensitive data, run code, and perform other unwanted actions.