When somebody sends me a field that has too many/invalid characters, or an email thats already taken, or numbers for a first name, I have always sent back a 400 with a list of field validation errors.
Is this the right thing to do? reading through all the 400s here is starting to make me question the right way to say "I understand the data, I understand the content-type and your headers, but I can't put this in my database".
Consider using 422 which means the general layout of the request is correct but its content could not be processed.
I usually take the 422 in a scenario liked described. Otherwise, I would respond with 400.