Use a WAF to detect and block common patterns like DBMS_PIPE or UNION SELECT .
Ensure depth_meters is a number and species_name doesn't contain forbidden characters.
If you are looking to develop a feature for an "Underwater Hunting" application, we should focus on building it with to prevent exactly this kind of attack. Feature Concept: "The Catch Gallery"