> no input validation to stiff thst goes into your database
I'd put "conflating input validation with escaping" on this list, and then the list fails the list because the list conflates input validation with escaping.
Good point, as I mentioned, this is a non-exhaustive list. Input validation and related topics like encodings, escaping, etc could fill a list single-handedly.