Security Corner: Input Filtering
Input filtering is the method by which you validate all incoming data and prevent any invalid data from being used by your application. It's very similar in theory to how water filtering works, where impurities in water are not allowed to pass.
via shiflett.org
Old but still valid; just look at what happened to Twitter and Digg this week! And don't forget output filtering too. And here is another good post on the subject.
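To make both halves concrete, here is a small added example (my own illustration, not code from the post above or from shiflett.org; the field names, rules and sample submissions are invented). Every incoming field is checked against an allow-list rule and the request is rejected, not "cleaned up", when a check fails; the values that pass are then escaped for the HTML context at the point where they are written out, because a free-text comment can be perfectly valid input and still break a page.

```python
"""Input filtering (validate, then reject) next to output escaping.

Added illustration for this post; not code from shiflett.org.
Field names, rules and sample requests are made up for the example.
"""
import html
import re

# Constructed form submissions, not real traffic.
VALID_REQUEST = {
    "username": "alice_01",
    "age": "34",
    "role": "user",
    "comment": "I <3 this & that",
}
BAD_USERNAME = dict(VALID_REQUEST, username="../etc/passwd")
BAD_ROLE = dict(VALID_REQUEST, role="admin")

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
AGE_RE = re.compile(r"[0-9]{1,3}")
ALLOWED_ROLES = {"user", "moderator"}  # allow list: name what is valid, not what is bad
MAX_COMMENT = 500


class InvalidInput(ValueError):
    """A field failed validation. The request is refused, never 'repaired'."""


def filter_input(raw: dict) -> dict:
    """Validate every incoming field against a strict rule and return only
    the values that passed. Nothing downstream ever reads `raw` directly."""
    clean = {}

    username = raw.get("username", "")
    if not USERNAME_RE.fullmatch(username):
        raise InvalidInput("username")
    clean["username"] = username

    age = raw.get("age", "")
    if not AGE_RE.fullmatch(age) or not 0 < int(age) < 150:
        raise InvalidInput("age")
    clean["age"] = int(age)  # convert to the type the application actually uses

    role = raw.get("role", "user")
    if role not in ALLOWED_ROLES:
        raise InvalidInput("role")
    clean["role"] = role

    comment = raw.get("comment", "")
    # Free text: check length and forbid control characters, but a comment
    # that passes is still arbitrary text, so it must be escaped on output.
    if len(comment) > MAX_COMMENT or any(
        ord(ch) < 32 and ch not in "\n\t" for ch in comment
    ):
        raise InvalidInput("comment")
    clean["comment"] = comment

    return clean


def rejected_field(raw: dict):
    """Name of the first field that fails validation, or None if all pass."""
    try:
        filter_input(raw)
    except InvalidInput as exc:
        return str(exc)
    return None


def render_comment(clean: dict) -> str:
    """Output filtering: escape for the HTML context at the point of use.
    Even the validated username is escaped; escaping is chosen per output
    context, not per trust level, so it is never skipped."""
    return (
        f"<p>{html.escape(clean['username'])} ({clean['age']}) wrote:</p>"
        f"<blockquote>{html.escape(clean['comment'])}</blockquote>"
    )


if __name__ == "__main__":
    page = render_comment(filter_input(VALID_REQUEST))
    print(page)  # <3 becomes &lt;3, & becomes &amp;
    print(rejected_field(BAD_USERNAME), rejected_field(BAD_ROLE))  # username role
```

Note that the comment field is the one place an allow-list regex is not an option: any printable text is legitimate there, which is exactly why validation on the way in cannot substitute for escaping on the way out.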

