Query sanitization
Query sanitization is the process of cleaning or transforming user-supplied input that will be used to construct a query to a database, search engine, or other data processing system. The aim is to prevent unintended behavior such as injection attacks, data leakage, or performance degradation by removing or neutralizing dangerous input and by enforcing expected formats and lengths. It is commonly applied to web applications that accept query strings, search terms, or API parameters.
Common techniques include validation against a whitelist of allowed values or patterns; escaping or encoding special
It is not a substitute for proper access control, authentication, and least-privilege database permissions, nor for
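The allow-list validation, length limits and escaping described above, in an added example that is not part of the original page: the table, column names and sample rows are constructed for the demonstration, and user-controlled values reach the database only as bound parameters.

```python
import re
import sqlite3

# Allow-list of columns a caller may sort by; the column name is the one
# piece of user input that cannot be bound as a parameter, so it must be
# checked against a fixed set rather than escaped (constructed for this example).
ALLOWED_SORT_COLUMNS = {"name", "price"}
MAX_TERM_LENGTH = 64
# Expected shape of a search term: word characters, spaces and light punctuation.
_TERM_PATTERN = re.compile(r"^[\w %_.,'-]+$")


def validate_sort_column(column: str) -> str:
    """Accept only a known column name; anything else is rejected outright."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"sort column not allowed: {column!r}")
    return column


def normalize_term(term: str) -> str:
    """Enforce length and format limits on a free-text search term."""
    term = term.strip()
    if not term or len(term) > MAX_TERM_LENGTH:
        raise ValueError("search term is empty or too long")
    if not _TERM_PATTERN.fullmatch(term):
        raise ValueError("search term contains unexpected characters")
    return term


def escape_like(term: str) -> str:
    """Escape LIKE wildcards so user input cannot widen the match."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_products(conn: sqlite3.Connection, term: str, sort_by: str = "name"):
    column = validate_sort_column(sort_by)
    pattern = "%" + escape_like(normalize_term(term)) + "%"
    # The term is bound as a parameter; only the allow-listed column is interpolated.
    sql = f"SELECT name, price FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY {column}"
    return conn.execute(sql, (pattern,)).fetchall()


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("100% cotton shirt", 20.0), ("wool shirt", 45.0), ("socks", 5.0)])
    return conn
```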