Sanitize User Input
Critical security - prevent injection attacks

From the Input Validation AI Coding Building Block.

Add input sanitization to protect my app from malicious data.

Framework: [Express, Flask, Django, FastAPI, etc.]

I need to sanitize:
- Text that will be displayed on pages (prevent XSS)
- Data that will go into database queries (prevent SQL injection)
- File names from user uploads
- URLs from user input

For each type:
1. What dangerous characters or patterns to remove/escape
2. The specific function or library to use
3. Where in my code to add the sanitization

Explain the attacks each sanitization prevents — I want to understand why this matters, not just copy code.