SQL injections in URLs and ways to avoid them