What should I be afraid of when I make a site public?

If I was going to put my site for the public's use, what are some security issues that I should be worried about?

I know of SQL injections. What other hacks/injections should I be aware of?

Solution

It depends heavily on what kind of site you're putting up. Sites that deal with commerce and payment systems need to be more secure then a site detailing how to wash your cat.

In essence the more personal user interaction a site has, the more it's going to need to be checked for security vulnerabilities. A static html site will probably not have many issues while a site that allows people to register, purchase items, pay with a credit card online, etc, is going to need a much closer look at things under the hood.

How should I pass a table name into a stored proc?
Is this sufficient to prevent query injection while using SQL Server?
Found a weak escape function for MySql, how to exploit?
How can I sanitize user input with PHP?
Is ExecuteSqlRawAsync method with parameterized query in ASP .NET Core a proper way of preventing SQL injection attacks?
Prevent SQL injection when SQL is supplied from the request
Avoid SQL injection in Devexpress Grid where\filter condidtion
Sql string concatenation is always bad?
Protection query against SQL injection, using PDO
how to prevent sql injection in snowflake filter function
Avoid SQL injection in incoming query coming in in-parameter
how to sanitze client query to whereFullText eloquent method in laravel
When is it best to sanitize user input?
How do you safely pass values to SQLite PRAGMA statements in Python?
Java - escape string to prevent SQL injection
Using params in flux queries with Python influxdb_client
Why can I not perform SQL injection on this vulnerable script?
Are PDO prepared statements sufficient to prevent SQL injection?
MySQL INJECTION Solution
PHP Code Functioning as Intended but UNION Injection Payload Doesn't Work
How to reduce vulnerability to cyber attacks from injection?
Is using Hibernate's Restrictions.eq() method safe against SQL injection?
Which characters are actually capable of causing SQL injection in MySQL?
PHP: Prepare JSON selector to Prevent MySQL Injection
SQL-Injection in duckdb-queries on pandas dataframes
SQL injection error in Modsecurity logs in Plesk
What is the correct syntax for dollar-parameters in PostgreSQL queries?
How do I write prepared statements in ballerina?
Problem with identical metrics results after machine learning
Protects dplyr against SQL injections?