I've been reading a lot about database security and using htmlspecialcharacters() and mysql_real_escape_string.
Is this necessary to use these functions with codeigniter or does it handle this automatically? e.g.
$this->db->select('*', FALSE);
$this->db->where('published', 'yes');
$query = $this->db->get('my_table');
$results = $query->result_array()
You don't have to worry about escaping your text as long as you use active records.