Only allow the types of characters you expect (e.g., numbers for an ID field).
This is the gold standard. It treats user input as literal text, not executable code [6]. Only allow the types of characters you expect (e
If you are looking to learn about this for security research or to protect your own applications, here is a quick guide on what’s happening and how to prevent it. What this payload does: Only allow the types of characters you expect (e