Sanitize
Sanitize user input on the server before using it to drive logic, build SQL, or render output. Sanitize means filter out unnecessary characters and then apply URLEncode or HTMLEncode as appropriate for the context the value is going into.
Request headers, hidden fields, URLs and cookies are not secure. The client can view and edit all of them, so they must be sanitized exactly like any other user input.
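The filter-then-encode approach above, as an added Python example that is not part of the original note: an allowlist strips unnecessary characters, the value is then HTML-encoded or URL-encoded depending on where it is used, and for SQL it is bound as a parameter rather than concatenated. The field names, the allowlist and the in-memory `users` table are constructed for the example.

```python
import html
import re
import sqlite3
from urllib.parse import quote

# Allowlist for a display-name field: letters, digits, space, dot, apostrophe,
# underscore, hyphen. Everything else counts as unnecessary and is dropped.
UNWANTED = re.compile(r"[^A-Za-z0-9 ._'-]")

def filter_chars(value: str, max_len: int = 64) -> str:
    """Step 1: strip characters the field never needs and cap the length."""
    return UNWANTED.sub("", value)[:max_len]

def for_html(value: str) -> str:
    """Step 2a: HTMLEncode before echoing the value into page text or an attribute."""
    return html.escape(filter_chars(value), quote=True)

def for_url(value: str) -> str:
    """Step 2b: URLEncode before placing the value in a query string or path."""
    return quote(filter_chars(value), safe="")

def lookup_user(conn: sqlite3.Connection, name: str):
    """Step 2c: for SQL, filter first and then bind the value as a parameter;
    the database driver, not string concatenation, handles quoting."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (filter_chars(name),)).fetchone()

def sanitize_request(headers: dict, cookies: dict, hidden: dict) -> dict:
    """Headers, cookies and hidden fields are client-controlled, so they go
    through exactly the same filter-then-encode path as visible form fields."""
    return {
        "user_agent": for_html(headers.get("User-Agent", "")),
        "theme": for_html(cookies.get("theme", "")),
        "referrer_tag": for_url(hidden.get("ref", "")),
    }

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the SQL path runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(for_html("O'Brien <b>"))                # O&#x27;Brien b
    print(for_url("O'Brien <b>"))                 # O%27Brien%20b
    print(lookup_user(conn, "alice"))             # (1, 'alice')
    print(lookup_user(conn, "alice' OR '1'='1"))  # None
```

Note that the same raw string gets a different encoding for HTML and for a URL; the filter step alone is not a substitute for context-specific encoding.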