@Elizafox when I worked for a university I was told that I shouldn't worry about validating database input correctly because the head IT guy didn't think it was possible to use parameterized inputs.

It took me about an hour to make it work with their system.