[eluser]JasonS[/eluser]
You need to use the form_validation class to ensure that user data is correct.
Beyond that you are fairly protected.
Quote: Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.
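Added example (not part of the original post and not CodeIgniter's own code): a controller method that combines the two points above, validating input with form_validation and then writing it through Active Record so the values are escaped. It assumes CodeIgniter 2.x (`CI_Controller`); the controller name, the `users` table, its columns and the view names are hypothetical.

```php
<?php
// Added example. Assumes CodeIgniter 2.x; controller, table, column and
// view names are hypothetical.
class Signup extends CI_Controller {

    public function create()
    {
        $this->load->library('form_validation');
        $this->load->database();

        // Validation decides whether the data is acceptable at all.
        // Escaping (below) only makes it safe to place inside a query.
        $this->form_validation->set_rules('username', 'Username',
            'trim|required|min_length[3]|max_length[20]|alpha_dash');
        $this->form_validation->set_rules('email', 'Email',
            'trim|required|valid_email|max_length[254]');

        if ($this->form_validation->run() === FALSE) {
            // Rejected input never reaches the database layer.
            $this->load->view('signup_form');
            return;
        }

        $username = $this->input->post('username');
        $email    = $this->input->post('email');

        // Active Record: values passed as data are escaped by the driver.
        $existing = $this->db->get_where('users', array('username' => $username), 1);
        if ($existing->num_rows() > 0) {
            $this->load->view('signup_form', array('error' => 'Username is taken.'));
            return;
        }
        $this->db->insert('users', array('username' => $username, 'email' => $email));

        // Hand-written SQL is NOT escaped automatically. If a raw query is
        // needed, pass the values as bindings instead of concatenating them.
        $sql = 'SELECT id FROM users WHERE username = ? AND email = ?';
        $row = $this->db->query($sql, array($username, $email))->row();

        $this->load->view('signup_done', array('user_id' => $row ? $row->id : NULL));
    }
}
```

The automatic escaping covers values handed to Active Record methods or query bindings; strings concatenated into `$this->db->query()` bypass it.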