Parameter validation and other security measures

We have a site that receives about 30000 uniques per month. Lately, we have been hit with URLs that are hundreds of characters long with all sort of junk in the URL/parameters. I suspect this is an attempt at session hijacking or something similar. At a minimum, it fills up our log files and generates undesirable email alerts.

I began reading up on Rails security here: rails.info and also looking into stuff like http://www.hoptoadapp.com/welcome.

My question here is: what is a good way to validate "params" in rails apps to handle SQL injections, etc.?

I'm considering writing some common routines to validate the param type, min/max length, detect SQL keywords, etc. but didn't want to reinvent the wheel if there is already stuff out there (e.g. plugins).

Thanks in advance.