The only safe way for an open entry point into your code is to state and then test ONLY what you will allow.
Blocking what you will not allow is impossible, logically, because the number of wrong or potentially bad inputs is infinite.
Create a list of what is allowed. Check to see that your entry is in there:
Simple-minded example: /etc/passwd is the list of allowed users and has : as a field separator; username is field #1, hence the printf format "%s:".
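The allow-list check the answer describes, written out as an added example (this is not the poster's code): a candidate name is first restricted to a conservative character set and then compared against field #1 of a passwd-style file, so only names that appear in the list pass. To keep it runnable without privileges it writes a constructed two-entry file to a temporary path instead of reading /etc/passwd; the `ALLOWED_FILE` variable and the `is_allowed` function name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# ALLOWED_FILE: hypothetical name; defaults to a constructed passwd-style
# file so the check can run offline. Point it at /etc/passwd to use the real list.
ALLOWED_FILE="${ALLOWED_FILE:-$(mktemp)}"
trap 'rm -f "$ALLOWED_FILE"' EXIT

# Constructed sample entries (user:x:uid:gid:gecos:home:shell).
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/sh' \
    'alice:x:1000:1000:Alice Example:/home/alice:/bin/sh' \
    > "$ALLOWED_FILE"

# is_allowed NAME -> exit 0 if NAME is exactly field #1 of some line in
# the allow list, exit 1 otherwise.
is_allowed() {
    # Step 1: state what a name may look like. Anything else is rejected
    # before it gets near the file, so ':' or newlines cannot reach the
    # comparison and there is no pattern for the input to break out of.
    case $1 in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    # Step 2: compare against field #1 only, with an exact string match
    # rather than a substring search, so "ali" or "lice" do not match "alice".
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$ALLOWED_FILE"
}

# Demonstration over a few constructed candidates.
for name in alice bob ali 'alice:x' 'root;id' ''; do
    if is_allowed "$name"; then
        printf '%s -> allowed\n' "$name"
    else
        printf '%s -> denied\n' "$name"
    fi
done
```

The character-set check is the "state what you will allow" step from the answer; the exact comparison on field #1 is the "check that your entry is in there" step. Because the match is on the whole first field, the list itself decides membership, not any pattern the caller supplies.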
OK, so I understand what expand=${expand:1} is doing (cannot do anything but manipulate a variable in variable substitution), but what does expand=${!expand} do?