What should considered to prevent Injection in request forms?

What should considered to prevent Injection in request forms ?

e.g : using Recaptcha开发者_如何学Python, preventing SQL Injections, etc ... what other item should be consider ?

1. sanitize all your inputs. all only the required stuff.
2. always use POST as the method in your form.
3. in your server side scripting, anything that got from user should not be directly input to query. retrieve value from db and do the comparison or any other relevent action

Parameterized queries are a must.

You should also validate your input, both on the client and server sides, prior to binding.

Recaptcha, like any other CAPTCHA is a mechanism to identify someone as human. This has nothing to do with SQL injection.

In order to prevent SQL injection attacks, the best form of defense is to use data access libraries as these contain anti SQL injection measures.

You should alway use parameterized queries and never simply build up a SQL string yourself and pass that to the database.