Treat all input as Evil until proved otherwise - how to prevent code injection
Adrian J. Beasley has provided us with another excellent article titled A General Defence Against Injection Attacks on Websites written in his inimitable fashion tackling the challenging subject of how to validate user input.