For security it's best to be extremely conservative to start with, and allow just the data that you know is legal. Any input data that your program isn't prepared for may be exploitable later. On the other hand, if you're too permissive, you may not find that out until after your program has been subverted. So determine what is legal, check whether the data matches that definition, and reject anything that doesn't match that definition. Again, with strings you need to identify what is legal, and reject any other string. The next few sections will describe some common kinds of data that programs expect -- and what to do about them.

Let's start with what would appear to be one of the easiest kinds of information to read -- numbers. Don't depend on the lack of a minus sign to mean that there are no negative numbers. Many number-reading routines (atoi() and its relatives, for example), if presented with an excessively large number, will "roll over" the value into a negative number, or silently return a truncated value without reporting any error. So check for a sign explicitly, use a routine that reports overflow, and then check that the result actually lies within the range your program is prepared to handle.
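The following is an added C example (not code from the original document) showing the difference between a naive conversion and a conservative number parser. The naive path converts with strtol() and casts to int, which is how a large value "rolls over" into a small or negative one on a platform where long is wider than int; the conservative parser accepts only an optional minus sign followed by decimal digits, checks errno for ERANGE, rejects trailing characters, and then enforces a caller-supplied [min, max] range. The function names and the sample inputs are the author's own choices for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Naive conversion: no range check, no error check.  On LP64 systems
 * "4294967295" fits in a long but the cast to int wraps it to -1
 * (implementation-defined conversion with gcc/clang); atoi() on such an
 * input is undefined behaviour outright. */
int naive_to_int(const char *s) {
    return (int)strtol(s, NULL, 10);
}

/* Conservative parser: only accept what we know is legal.
 * Grammar: '-'? digit+   (no leading whitespace, no '+', no hex/octal)
 * Returns true and stores the value in *out only if the string is
 * well-formed, did not overflow long, and lies within [min, max]. */
bool parse_bounded_int(const char *s, long min, long max, long *out) {
    if (s == NULL || *s == '\0' || min > max) return false;

    const char *p = s;
    if (*p == '-') p++;                 /* the only sign we allow */
    if (*p == '\0') return false;       /* "-" alone is not a number */
    for (; *p != '\0'; p++) {
        if (!isdigit((unsigned char)*p)) return false;   /* trailing junk, '+', spaces */
    }

    errno = 0;
    char *end = NULL;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE) return false;  /* overflowed or underflowed long */
    if (end == s || *end != '\0') return false;
    if (v < min || v > max) return false;   /* legal syntax, but out of range */

    *out = v;
    return true;
}

/* Small helpers so the behaviour can be checked without output capture. */
bool parses_to(const char *s, long min, long max, long expected) {
    long v;
    return parse_bounded_int(s, min, max, &v) && v == expected;
}

bool is_rejected(const char *s, long min, long max) {
    long v;
    return !parse_bounded_int(s, min, max, &v);
}

int main(void) {
    /* Constructed sample inputs, not captured data. */
    const char *samples[] = {
        "42", "-7", "+7", " 42", "42abc", "", "-",
        "4294967295", "2147483648", "99999999999999999999999",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long v;
        bool ok = parse_bounded_int(samples[i], 0, INT_MAX, &v);
        printf("%-26s naive=%11d  strict=%s", samples[i],
               naive_to_int(samples[i]), ok ? "accepted " : "rejected");
        if (ok) printf(" (%ld)", v);
        printf("\n");
    }
    return 0;
}
```

Note that the range check is part of the contract: a value that parsed without overflow can still be far outside what the program can handle (an array index, a buffer length, a port number), so the caller passes the bounds it is actually prepared for rather than relying on the width of the C type.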