Filter user requests. Make use of "validators" to validate user input and apply rules to it, such as requiring a value to be unique in a certain table or requiring a certain field to be numeric. You can also customize the error messages returned from failed validations. Just make sure you control what input goes into your database.
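A minimal sketch of the rule-based validation described above, as an added example that is not from the original text. It assumes Python with `sqlite3` because no framework is named here; the rule names, the `users` table, the field names and the messages are all hypothetical.

```python
import sqlite3

# Hypothetical rule set: only fields listed here are ever accepted.
RULES = {"email": ["required", "unique:users,email"], "age": ["required", "numeric"]}
# Custom error messages keyed by "field.rule"; anything else gets a default message.
MESSAGES = {
    "email.unique": "That email address is already registered.",
    "age.numeric": "Age must be a whole number.",
}
# Identifiers cannot be bound as SQL parameters, so the unique rule is
# restricted to an allow-list of (table, column) pairs.
UNIQUE_TARGETS = {("users", "email")}

def validate(conn, data, rules=RULES, messages=MESSAGES):
    """Return (clean, errors); clean holds only fields that passed every rule."""
    clean, errors = {}, {}
    for field, field_rules in rules.items():
        value = str(data.get(field) or "").strip()  # form input arrives as strings
        for rule in field_rules:
            name, _, arg = rule.partition(":")
            if name == "required":
                ok = value != ""
            elif name == "numeric":
                ok = value.isascii() and value.isdigit()
            elif name == "unique":
                table, column = arg.split(",")
                if (table, column) not in UNIQUE_TARGETS:
                    raise ValueError(f"unique target not allowed: {arg}")
                sql = f"SELECT 1 FROM {table} WHERE {column} = ?"
                ok = conn.execute(sql, (value,)).fetchone() is None
            else:
                raise ValueError(f"unknown rule: {name}")
            if not ok:
                errors[field] = messages.get(f"{field}.{name}", f"{field} failed {name}")
                break
        else:  # no rule failed for this field
            clean[field] = value
    return clean, errors

def register(conn, data):
    """Insert only validated fields, bound as parameters; return the errors dict."""
    clean, errors = validate(conn, data)
    if not errors:
        conn.execute("INSERT INTO users (email, age) VALUES (?, ?)",
                     (clean["email"], int(clean["age"])))
    return errors

def demo_db():
    conn = sqlite3.connect(":memory:")  # constructed sample database
    conn.execute("CREATE TABLE users (email TEXT UNIQUE, age INTEGER)")
    return conn
```

Fields that have no rule, such as an unexpected `is_admin` key in the request, never reach the insert because only the validated output is written.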

