diff --git a/includes/http/Request.php b/includes/http/Request.php
index 48af686ff552b72463b826ca8e8c1a8e09f8a649..eaf0b5b5406d39ad3c5bc4871323ae75cd2e38f7 100644
--- a/includes/http/Request.php
+++ b/includes/http/Request.php
@@ -19,6 +19,7 @@ class Vtiger_Request {
 	 * Default constructor
 	 */
 	function __construct($values, $rawvalues = array(), $stripifgpc=true) {
+        	Vtiger_Functions::validateRequestParameters($values);
 		$this->valuemap = $values;
 		$this->rawvaluemap = $rawvalues;
 		if ($stripifgpc && !empty($this->valuemap) && get_magic_quotes_gpc()) {
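Review bot: The added check on the first line of the constructor covers `$values` only, while `$rawvalues` is stored on `rawvaluemap` two lines later without passing through the validator. If any consumer reads `src_record`, `parent_id`, `_mfrom`, `_mto` or `sequencesList` from the raw map (not visible in this hunk), the filter is bypassed for that path. Consider adding `Vtiger_Functions::validateRequestParameters($rawvalues);` next to the existing call. The call also runs before the magic-quotes stripping below, so the validator sees the unstripped form; a short comment such as `// Validate before storing: throws Exception('Bad Request') with HTTP 400 on a malformed id/email parameter` would tell callers that construction can now throw. The constructor body continues past the end of the hunk.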
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index 9055417c3d2b55ac3c641660b4615eccace0b237..25a7ef961dabdbfc1793dec9ecc3d0f653e57a9b 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -1451,4 +1451,49 @@ class Vtiger_Functions {
 		$value = $db->sql_escape_string($value);
 		return $value;
 	}
+    
+    /**
+     * Suspected request parameters and type.
+     * @var type 
+     */
+    protected static $type = array(
+        'src_record' => 'id',
+        'parent_id' => 'id',
+        '_mfrom' => 'email',
+        '_mto' => 'email',
+        'sequencesList' => 'noAlphabet'
+    );
+
+    /**
+     * Function to validate requests against SQL attacks
+     * @param type $request
+     * @throws Exception - Bad Request
+     */
+    public static function validateRequestParameters($request) {
+        foreach (self::$type as $param => $type) {
+            if ($request[$param] && !self::validateRequestParameter($type, $request[$param])) {
+                http_response_code(400);
+                throw new Exception('Bad Request');
+            }
+        }
+    }
+
+    /**
+     * Function to validate request parameter by type.
+     * @param  <String> type   - Type of paramter.
+     * @param  <String> $value - Which needs to be check against attacks
+     * @return <Boolean>
+     */
+    public static function validateRequestParameter($type, $value) {
+        $ok = true;
+        switch ($type) {
+            case 'id' : $ok = (preg_match('/[^0-9xH]/', $value)) ? false : $ok;
+                break;
+            case 'email' : $ok = (!filter_var($value, FILTER_VALIDATE_EMAIL)) ? false : $ok;
+                break;
+            case 'noAlphabet' : $ok = (preg_match('/[a-zA-Z]/', $value)) ? false : $ok;
+                break;
+        }
+        return $ok;
+    }
 }
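Review bot: In validateRequestParameter the `'id'` and `'noAlphabet'` cases hand `$value` straight to preg_match(), so a non-string value such as an array-valued parameter is not rejected on PHP versions where preg_match() only warns and returns false, because `$ok` then stays true. The switch also has no `default`, so a type later added to `$type` without a matching case is accepted unchecked; both paths should fail closed, as in the sketch below. If one of these parameters is legitimately array-valued (not visible here), each element should be validated instead of rejecting the array. In validateRequestParameters, `$request[$param]` is read without `isset()`, which raises a notice for every absent key. Since `'noAlphabet'` excludes only ASCII letters and still lets quotes and punctuation through, this filter is best treated as defence in depth alongside parameterized queries rather than as the SQL injection fix itself.

```php
public static function validateRequestParameter($type, $value) {
    // Fail closed on arrays/objects so preg_match()/filter_var() only ever see a string.
    if (!is_string($value) && !is_int($value)) {
        return false;
    }
    $value = (string) $value;
    switch ($type) {
        case 'id':
            return preg_match('/[^0-9xH]/', $value) === 0;
        case 'email':
            return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        case 'noAlphabet':
            return preg_match('/[a-zA-Z]/', $value) === 0;
        default:
            // Unknown type name: reject rather than accept unchecked input.
            return false;
    }
}
```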