An effective strategy to detect SQL injection attempts is to rigorously validate the parameters received by the application. Each parameter should be checked according to rules specific to the application's domain. For example, parameters representing identifiers (such as those starting with id, e.g., idUser, idOrder) can be validated using a regular expression that allows only integer numbers. Similarly, other types of parameters should be validated based on their intended use, for example: Boolean parameters (true/false or 0/1); alphanumeric codes with a predefined length or mask; strings restricted to allowed characters to prevent malicious input. To systematically enforce this validation, a function could be included in every page to validate all (present and future) parameters according to these rules. This ensures a consistent security policy across the entire application.
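
One way to implement the shared validation function described above, as an added example that is not part of the original text: the parameter name selects the rule, and any parameter without a specific rule falls under a default allow-list. The is/has/code name prefixes, the length limits and the sample request are assumptions made for this illustration.

```python
import re

# Hypothetical rule table (an assumption of this example): the first entry whose
# name pattern matches a parameter decides which values that parameter may take.
RULES = [
    # idUser, idOrder, ...: ASCII digits only ([0-9], because \d also matches
    # non-ASCII Unicode digits), with a length cap. "identity" does not match.
    (re.compile(r"id[A-Z]\w*"), re.compile(r"[0-9]{1,18}")),
    # Boolean flags such as isActive: true/false or 0/1.
    (re.compile(r"(?:is|has)[A-Z]\w*"), re.compile(r"true|false|0|1")),
    # Alphanumeric codes with a predefined length (8 here).
    (re.compile(r"code[A-Z]\w*"), re.compile(r"[A-Z0-9]{8}")),
]
# Every other parameter, including ones added later: allowed characters only.
DEFAULT_RULE = re.compile(r"[A-Za-z0-9 _.,@-]{0,64}")


def rule_for(name):
    """Pick the value pattern for a parameter from its name."""
    for name_re, value_re in RULES:
        if name_re.fullmatch(name):
            return value_re
    return DEFAULT_RULE


def validate_params(params):
    """Return the (name, value) pairs that break their rule, in input order."""
    violations = []
    for name, value in params.items():
        # fullmatch() checks the whole string; match() with "$" would accept
        # a value that ends in a newline.
        if not isinstance(value, str) or not rule_for(name).fullmatch(value):
            violations.append((name, value))
    return violations


# Constructed sample request, not taken from a real application.
SAMPLE_REQUEST = {
    "idUser": "1042",
    "idOrder": "7 OR 1=1",
    "isActive": "true",
    "codePromo": "AB12CD34",
    "comment": "nice product'; --",
    "idCart": "15\n",
}

if __name__ == "__main__":
    for name, value in validate_params(SAMPLE_REQUEST):
        print(f"rejected {name}={value!r}")
```

Rejected pairs can be logged as possible injection attempts; the SQL statements themselves should still be built with parameterized queries.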