SQL Injections: Use preparedStatements.

Cross Site (XSS) : Clean up input fields. Don't let scripts to be inputted.

DDOS: Make sure you check if there is enough space while putting in data in C.