diff --git a/2019/en/src/0xa8-injection.md b/2019/en/src/0xa8-injection.md index 37f7fde43..ac4e34338 100644 --- a/2019/en/src/0xa8-injection.md +++ b/2019/en/src/0xa8-injection.md @@ -73,6 +73,8 @@ Preventing injection requires keeping data separate from commands and queries. * Prefer a safe API which provides a parameterized interface. * Always limit the number of returned records to prevent mass disclosure in case of injection. +* Validate incoming data using sufficient filters to only allow valid values for + each input parameter. ## References
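Review bot: "sufficient filters" in the added bullet is too vague for a reader to act on; name the technique. Suggest rewording to positive (allowlist) validation, e.g. "Validate incoming data against an allowlist of expected types, lengths, formats and value ranges for each input parameter, and reject anything that does not match", and state that this complements rather than replaces the parameterized interface recommended in the bullet two lines above, since a filter on its own is bypassed as soon as an attacker finds an encoding or value it does not cover. Also consider placing the new bullet next to that "Prefer a safe API" bullet rather than after the record-limit one, so the primary control and the defense-in-depth control read together.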