When writing software you often have to take data from a human and convert, parse, transmit or store it on a machine. It often transpires that humans are really incompatible with computers! They are flakey, vague, illiterate, moody, impatient, bored, rushed and/or inaccurate.
You need to bear this in mind when taking data from them.
This example is how most software I have seen looks. Quite a lot of what I've written too!
What's wrong with that I hear you ask?
Well, try entering O'Reilly into an SQL statement, or feeding a SELECT user query ' OR 1=1 as its input.
Or you could offer users the freedom to set their own channel names, and they will include control characters, which destroy TDMS files (a bug that took me a LONG time to find and fix!).
Here are some examples of possible recipients of dangerous data:
Storing data in databases and SQL
Storing data in formatted files (TDMS, JSON, HTML, XML)
Transmitting data (UDP, Serial (XON/XOFF))
Here's what we need to consider when dealing with human-entered data.
I've tried various methods for policing and making data safe. You can police at the dialog/data entry stage.
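As an added example (not part of the original post, and Python rather than LabVIEW), here are the two inputs above run against a small in-memory SQLite table: first through a query built by string concatenation, the way "most software looks", then through a parameterised query, followed by the kind of control-character check that policing at the data-entry stage means for channel names. The table, its rows and the sample channel names are constructed for the demonstration; the function names are hypothetical helpers, not anything from the post.

```python
import sqlite3
import unicodedata


def make_db():
    """Constructed in-memory table standing in for the real user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "operator"), ("O'Reilly", "admin"), ("bob", "viewer")],
    )
    return conn


def lookup_concat(conn, name):
    """How most software looks: the human's text is pasted straight into the SQL.
    A quote in the name breaks the statement; a quote plus OR rewrites it."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Parameterised query: the driver carries the value separately from the
    statement text, so quotes and keywords in the input stay plain data."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def concat_raises(conn, name):
    """True if the concatenated query fails to parse for this input."""
    try:
        lookup_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


# Unicode categories Cc (control) and Cf (format) cover the characters that
# corrupt a channel name inside a file format; tab, newline and NUL are all Cc.
_BAD_CATEGORIES = ("Cc", "Cf")


def is_safe_channel_name(name, max_len=64):
    """Policing at the dialog/data-entry stage: reject rather than repair."""
    if not name or len(name) > max_len:
        return False
    return not any(unicodedata.category(ch) in _BAD_CATEGORIES for ch in name)


def clean_channel_name(name, replacement="_"):
    """Alternative policy: keep the name but replace every control character."""
    return "".join(
        replacement if unicodedata.category(ch) in _BAD_CATEGORIES else ch
        for ch in name
    )


if __name__ == "__main__":
    db = make_db()
    for user in ("O'Reilly", "' OR '1'='1"):
        print(repr(user), "concat raises:", concat_raises(db, user))
        if not concat_raises(db, user):
            print("  concat rows:", lookup_concat(db, user))
        print("  param rows: ", lookup_param(db, user))
    for chan in ("Temperature 1", "Temp\tA", "Pressure\x00"):
        print(repr(chan), is_safe_channel_name(chan), repr(clean_channel_name(chan)))
```

With concatenation, O'Reilly is a syntax error and ' OR '1'='1 returns every row; with the parameter placeholder, O'Reilly finds exactly his row and the OR input finds nothing. The channel-name check is the other half of the post's point: the database driver can keep data out of the statement for you, but a file format like TDMS cannot, so that check has to happen before the name is accepted.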