Option C is the correct answer because 'Avoid sending the wrong data' is not a technical injection prevention mechanism - it's a general practice rather than a specific defensive technique. The other options ARE valid prevention mechanisms: escaping special characters (A), using parameterized APIs/prepared statements (B), and input validation with whitelists (D) are all standard techniques for preventing SQL injection and similar attacks.