Overview
Implement access control schemes. Restrict access to database objects and functionality according to the principle of least privilege: the account the application uses should hold only the rights it actually needs (no DDL, no access to tables or columns it never queries), so that an injected query or an insecure direct object reference exposes as little as possible.
Base input validation on a whitelist (allowlist). Use the most restrictive rule by default and allow special characters only by exception. This reduces the attack surface for many injection vectors, but it complements parameterized queries rather than replacing them: identifiers such as table or column names cannot be bound as parameters, so those must come from a fixed allowlist rather than from user input.
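The two items above, least privilege on database objects and allowlist-based input validation, in one worked example. This is an added illustration, not code from the original page. It assumes Python's standard sqlite3 module and uses its authorizer callback as a stand-in for the GRANT-based privileges a server database would provide; the table names, sample rows, username rule and sortable-column set are all constructed for the example.

```python
import re
import sqlite3

# Allowlist for user-supplied names: lowercase letters, digits, underscore, 3-32 chars.
# Quotes, semicolons, comment markers and whitespace are rejected by default.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")

# Columns the application may use in ORDER BY. Identifiers cannot be bound as
# parameters, so they come only from this fixed set, never from the request.
SORTABLE_COLUMNS = ("id", "username", "created_at")

# Least privilege: the only table/column pairs this connection may read.
# Anything not listed (password_hash, the secrets table, ...) is denied.
READABLE = {"users": {"id", "username", "created_at"}}


def validate_username(value: str) -> str:
    """Return value if it matches the allowlist, otherwise raise ValueError."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("username rejected by allowlist")
    return value


def _authorizer(action, arg1, arg2, dbname, source):
    """sqlite3 authorizer: default deny, allow only reads of allowlisted columns."""
    if action == sqlite3.SQLITE_SELECT:          # the SELECT statement itself
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:            # arg1 = table, arg2 = column
        if arg2 in READABLE.get(arg1, ()):
            return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY                   # writes, DDL, other tables: denied


def open_restricted_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows, then lock it down."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                            password_hash TEXT, created_at TEXT);
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, value TEXT);
        INSERT INTO users VALUES (1, 'alice', 'hash-a', '2024-01-01');
        INSERT INTO users VALUES (2, 'bob',   'hash-b', '2024-01-02');
        INSERT INTO secrets VALUES (1, 'constructed sample secret');
        """
    )
    # Installed after schema setup, so everything the application runs from
    # here on is checked against the minimal rights in READABLE.
    conn.set_authorizer(_authorizer)
    return conn


def find_users(conn, username: str, sort_by: str = "username"):
    """Look up users: the value is bound as a parameter, the identifier comes
    from the allowlist. Both inputs are rejected unless they pass the rule."""
    validate_username(username)
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError("sort column rejected by allowlist")
    sql = f"SELECT id, username FROM users WHERE username = ? ORDER BY {sort_by}"
    return conn.execute(sql, (username,)).fetchall()


def is_authorized(conn, sql: str) -> bool:
    """True if the connection's access-control policy lets this statement run.
    SQLite reports an authorizer refusal as 'not authorized' or
    'access to <table>.<column> is prohibited'; other errors are re-raised."""
    try:
        conn.execute(sql).fetchall()
        return True
    except sqlite3.DatabaseError as exc:
        msg = str(exc)
        if "not authorized" in msg or "prohibited" in msg:
            return False
        raise


if __name__ == "__main__":
    db = open_restricted_db()
    print(find_users(db, "alice"))
    print(is_authorized(db, "SELECT password_hash FROM users"))
    print(is_authorized(db, "SELECT value FROM secrets"))
```

The point of the authorizer is that the application code never gains the right to read password_hash or the secrets table, so an injection that slips past validation still has nothing to reach; on a server database the same effect comes from granting the application role SELECT on specific tables or views only.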