Improve value validation
Models should do more value validation, most likely in the constructor, so that an invalid instance can never be created.
Ensure data is validated on the way into the database and encoded on the way out. Investigate adding a blocklist for known malicious input (over-long values, script tags, etc.). Caveat: a blocklist on its own is a weak control; per-field allowlist validation, parameterized queries and output encoding cover what a blocklist cannot.
Should the db handler do the parameterizing, rather than the controller handing it a pre-parameterized query (built via the query builder)?
- Model validation
- Blocklist known attack vectors in string data (at least partially done by model validation)
- Disallow data that is too long
- Reduce chance of developer making a raw db query in error
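The following is an added example, not the project's own code, showing one way the items above fit together: a model that validates in its constructor (length limits plus an allowlist for the structured field, used here in place of a blocklist), a query builder that is the only place SQL text is written, and a db handler that refuses anything but a parameterized Query object so a raw query cannot be issued by mistake. The names (User, Query, QueryBuilder, DbHandler) and the users table are hypothetical, and the hostile inputs are constructed for the demo.

```python
# Added example, not the project's own code. User, Query, QueryBuilder,
# DbHandler and the users table are hypothetical names.
import re
import sqlite3
from dataclasses import dataclass
from typing import Any

MAX_USERNAME_LEN = 64
MAX_DISPLAY_NAME_LEN = 128
# Allowlist for a structured field: easier to reason about than a blocklist.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]+")


class ValidationError(ValueError):
    """Raised by model constructors on bad input."""


class User:
    """Validates every field in the constructor, so no invalid instance exists."""

    def __init__(self, username: str, display_name: str) -> None:
        self.username = self._check_username(username)
        self.display_name = self._check_display_name(display_name)

    @staticmethod
    def _check_username(value: Any) -> str:
        if not isinstance(value, str):
            raise ValidationError("username must be a string")
        if not 1 <= len(value) <= MAX_USERNAME_LEN:
            raise ValidationError("username length out of range")
        if not USERNAME_RE.fullmatch(value):
            raise ValidationError("username contains disallowed characters")
        return value

    @staticmethod
    def _check_display_name(value: Any) -> str:
        # Free text: bound the length and reject control characters. Markup such
        # as <script> is deliberately not blocklisted; parameter binding stores it
        # as inert data and it must be encoded when rendered.
        if not isinstance(value, str):
            raise ValidationError("display_name must be a string")
        if not 1 <= len(value) <= MAX_DISPLAY_NAME_LEN:
            raise ValidationError("display_name length out of range")
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValidationError("display_name contains control characters")
        return value


@dataclass(frozen=True)
class Query:
    """SQL text with placeholders plus the values bound to them."""
    sql: str
    params: tuple


class QueryBuilder:
    """Only place that writes SQL text; user-supplied values never go into it."""

    def insert_user(self, user: User) -> Query:
        return Query("INSERT INTO users (username, display_name) VALUES (?, ?)",
                     (user.username, user.display_name))

    def find_by_username(self, username: str) -> Query:
        return Query("SELECT username, display_name FROM users WHERE username = ?",
                     (username,))


class DbHandler:
    """Accepts only Query objects, so a raw SQL string is rejected at runtime."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn

    def execute(self, query: Query) -> sqlite3.Cursor:
        if not isinstance(query, Query):
            raise TypeError("DbHandler.execute accepts Query objects only, not raw SQL")
        return self._conn.execute(query.sql, query.params)


def demo() -> dict:
    """Exercise the model and handler against an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, display_name TEXT)")
    db, qb = DbHandler(conn), QueryBuilder()

    # Constructed hostile input: stored as data, never interpreted as SQL.
    db.execute(qb.insert_user(User("alice", "Alice <script>alert(1)</script>")))
    stored = db.execute(qb.find_by_username("alice")).fetchone()
    injected = db.execute(qb.find_by_username("x' OR '1'='1")).fetchone()

    rejected = {}  # constructor refuses these before any DB access
    for bad_username in ("alice' --", "a" * (MAX_USERNAME_LEN + 1)):
        try:
            User(bad_username, "ok")
        except ValidationError as err:
            rejected[bad_username] = str(err)

    try:
        db.execute("SELECT * FROM users")  # the mistake the handler guards against
        raw_sql_rejected = False
    except TypeError:
        raw_sql_rejected = True

    return {"stored_display_name": stored[1], "injected_row": injected,
            "rejected": rejected, "raw_sql_rejected": raw_sql_rejected}


if __name__ == "__main__":
    print(demo())
```

The handler deciding the parameterization question in favour of "controller hands over a Query" keeps a single choke point: if the handler accepted strings too, the type check would be the only thing standing between a developer and string concatenation.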