SQL Injection and Codeigniter

Question

Some doubts regarding Codeigniter and its Input handling capabilities. Some may be a little weird but they are doubts none-the-less.

1. If I use the Active Record

Answer 1

Whenver you use User Generated Input then pass it through the input library where it filters for xss and sql injections.

$this->input->post() 

http://codeigniter.com/user_guide/libraries/input.html

Do check for more info on security filtering.

Within the CI framework check the file

Codeigniter->System-libraries->input.php

file where you can find internally the functions used by CI for sanitizing data.

XSS clean basically means filtering Out unwanted XHTML/HTML Tags