It all depends on the database used on the backend. Thats why it is normally a good habit to have several txt files with different payloads. Scripts like this can also be tweeked for different cases. Or you can make several scripts. One for sql, nosql, or what ever you come across. The key is learning the differences and building a tools that can work with the different types.

Input validation and an IDS like Suricata would go a long way to help.

@@gand0rfTRZ what is ids?

Intrusuon Detection System. I use suricata on my web site. I had a big problem with spray and pray ssh login attempts. After setting it up and adding a rule to drop ssh connects, and adding a ufw rule to only allow ssh logins from the ip address of a mchine I control. The ssh brute forcing has been stopped and isnt taking up resources on my server or clogging up my SIEM logs.