XKCD 327 FTW
"Did you really name your son Robert'); DROP TABLE Students;--?"
"Oh yes, little Bobby Tables we call him"
"We've just lost this year's Student Records. I hope you're happy."
"And I hope you've learned to sanitize your database inputs."
If you're using Apache then also check out "Mod Security". This can help block many types of http attack and prevent information leaks if someone does manage to break in.
"DOS Evasive" is also a good one to try, but it seems to have gone AWOL from (what was) its official web site, so you will need to do some digging to find it. Alternatively, you could configure your firewall (pf, if you're using OpenBSD - and why wouldn't you?) to help mitigate DoS attacks.
If you have a free text input field then it should accept all characters no matter which ones they are. You can't tell someone their name is wrong because it contains something that conflicts with your shitty coding/database.
Parameters...That is all.
... are SQL injection attacks even still possible these days and who are these numpties that are churning out these shitty webapps that swallow any old user input and without bothering to sanitise it? HOW are they even getting past the interview stage?
I mean, even trusty old Python running as CGI (nothing fancy, nothing cutting edge) can automatically and reliably sanitise the stream if you ask it to, without any further work from the developer.
This is simply silly. Anyone doing such piss-poor development should be not only dismissed but also possibly be held legally accountable for their irresponsible work.
It's not the development language in use or the paradigm, it's simply not knowing what they are doing.
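To show concretely what "Parameters... That is all" and the point about free-text fields mean, here is an added example (not code from any of the commenters or from XKCD) using Python's standard sqlite3 module and an in-memory database. The student name is the constructed Bobby Tables payload. The vulnerable version builds the SQL by string formatting and runs it with executescript(), which, like many real drivers and ORMs, executes several statements in one go; the fixed version hands the same name to the driver as a bound parameter, so the quote, parenthesis and semicolon are stored as ordinary characters in a name rather than parsed as SQL.

```python
import sqlite3

# Constructed sample input: the name from XKCD 327 (little Bobby Tables).
BOBBY = "Robert'); DROP TABLE Students;--"


def fresh_db():
    """Create an in-memory database with a Students table and one row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.execute("INSERT INTO Students VALUES ('Alice')")
    conn.commit()
    return conn


def insert_unsafe(conn, name):
    """Vulnerable: the name is pasted into the SQL text.

    executescript() runs every statement in the string, so a name that
    closes the quote and the VALUES list can append its own statement.
    """
    sql = "INSERT INTO Students (name) VALUES ('%s');" % name
    conn.executescript(sql)
    conn.commit()


def insert_safe(conn, name):
    """Fixed: a parameterised query.

    The SQL text and the value travel separately; the driver never
    re-parses the value, so no character in it can change the statement.
    """
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def table_exists(conn):
    """Return True if the Students table still exists."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'Students'"
    ).fetchone()
    return row[0] == 1


def student_names(conn):
    """Return all stored names, sorted."""
    return [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY name")]


def demo():
    """Run both versions against the same payload and report what happened."""
    results = {}

    # Vulnerable path: the appended DROP TABLE actually runs.
    c = fresh_db()
    insert_unsafe(c, BOBBY)
    results["unsafe_table_survives"] = table_exists(c)

    # Parameterised path: the table survives and the odd name is stored verbatim.
    c = fresh_db()
    insert_safe(c, BOBBY)
    results["safe_table_survives"] = table_exists(c)
    results["safe_names"] = student_names(c)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Note that the safe version does not reject or "clean" the name at all: the point of binding parameters is that the input can contain any characters and the database still treats it as data, which is exactly why a free-text field never needs to tell someone their name is wrong.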
Developers commission security test. Test finds vulnerability. Vulnerability is fixed. Fuss over nothing.
One explanation of the results might be that people who didn't take security seriously before are now doing testing for the first time.
Let's see some results from a survey of hackers to get a true picture of the security landscape.