During a penetration test, you are evaluating a collection of scripts that includes various procedures to handle different tasks. One of the procedures is meant to sanitize user input for a web application form to prevent injection attacks. The procedure checks the input against a set of conditions before allowing it to be processed by the server. Which of the following is a best practice that the procedure should implement to prevent malicious data from compromising the server?
Using parameterized queries with placeholders for user input.
Escaping all special characters in the input to ensure they are treated as literal strings.
Restricting the length of the input to a maximum number of characters allowed.
Hashing the user input before appending it to the server-side script.