What is the code you are dealing with that needs fixing? In general, do not leave user input unchecked if it is to be put into sensitive code. For example, a common mistake is to put query parameters directly into SQL code or form fields. Instead, use parameters and variables that enforce the type and integrity of data, so someone cannot inject SQL, JavaScript or other malicious code into the mix.
For cross-site request forgery, you can use tokens or verify the page referrer to make sure the page posting the data is one you want submitting requests.
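As an added illustration of both points in the answer above (not code from the original post), the following shows a concatenated SQL query beside its parameterized form, and a session-bound CSRF token check with a referrer origin comparison. The in-memory SQLite table, the `CSRF_KEY`, and the function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
import sqlite3
from urllib.parse import urlsplit


def make_db():
    # Constructed sample data: an in-memory table with two users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db


def lookup_unsafe(db, name):
    # Vulnerable on purpose: the input becomes part of the SQL text,
    # so a quote in the input changes the query's logic.
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, name):
    # Parameter binding: the driver sends the input as a value,
    # never as SQL, whatever characters it contains.
    return [row[0] for row in
            db.execute("SELECT role FROM users WHERE name = ?", (name,))]


CSRF_KEY = secrets.token_bytes(32)  # hypothetical per-application secret


def issue_csrf_token(session_id):
    # Token derived from the session, so it cannot be reused across sessions.
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(session_id, submitted_token):
    # Constant-time comparison against the token this session should hold.
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), (submitted_token or "").encode())


def referrer_ok(referrer, allowed_origin):
    # Secondary check: compare the full origin, not a string prefix.
    if not referrer:
        return False
    parts = urlsplit(referrer)
    return f"{parts.scheme}://{parts.netloc}" == allowed_origin
```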