Almost nothing is stored in the database that comes directly from the user (that isn't run through the engine for validity or generated by the engine). Off the top of my head user displayname and other properties are the most likely to need to be escaped if they aren't already
Almost nothing is stored in the database that comes directly from the user (that isn't run through the engine for validity or generated by the engine). Off the top of my head user displayname and other properties are the most likely to need to be escaped if they aren't already