There are many different ways you can be hacked, today we will only list 3 of those attacks and how you can prevent them.
HTTP requests are created that can execute whatever command the attacker wants. For example, you could tag on an extra command to the end, which would allow access to execute your own code on the server. You can prevent it by making sure the command strings are securely constructed.
Tricking website users into clicking on a harmful link by disguising the link as something else. For example, an attacker can create their own site with a very similar URL to your site, and include your site in an iframe, wrapping it in an link tag, making anyone who clicks on your site potentially download malware. It can be prevented by making your site block any attempt to load your site into an iframe.
Attackers send a spoofed “from” address to mislead people about the sender of the message. A real world example of this is phishing. An simple way to prevent this is to change your DNS records to list a Sender Policy Framework, allowing you to specifically state which servers are allowed to send you emails from your domain/site.