Some of the most embarrassing database breaches of the past few years boil down to poor input validation and sanitization. In the rush to get code compiled and out the door, developers create input fields that allow users to type in anything they want. Once bad guys get their hooks into these unchecked input fields, they're one step closer to hacking the database. The vast majority of Web programmers are familiar with SQL injection — and its sibling, cross-site scripting — on a conceptual level. Experts say developers need to be aware of how data comes into their application.
Source: https://www.darkreading.com/database-security/the-root-of-all-database-security-evils-input

