How do I block SQL injections from a page like this one... http://u.neighborrow.com/items/recent
CakePHP already protects you against SQL injection if you use CakePHP's ORM methods (such as find() and save()) and proper array notation (i.e. array('field' => $value)) instead of raw SQL. For sanitization against XSS, it's generally better to save raw HTML in the database without modification and sanitize at the time of output/display.
This should give you a good idea of how to do it.
    App::import('Sanitize');
    class MyController extends AppController {
        ...
        ...
    }
Once you've done that, you can make calls to Sanitize statically.
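The two points in the answer above, shown as an added example that is not part of the original answer and is not CakePHP code: plain PDO with an in-memory SQLite database stands in for the ORM, and the table, function names and inputs are constructed for illustration. It contrasts a query built by string concatenation with one where the value is handed over separately from the SQL text (the role array('field' => $value) plays in CakePHP), then stores raw text and escapes it only at output.

```php
<?php
// Assumption: PDO + in-memory SQLite stand in for the ORM; all data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)');
$db->exec("INSERT INTO items (owner, title) VALUES ('alice', 'Ladder'), ('bob', 'Drill')");

// Raw SQL by concatenation: the input becomes part of the query text itself.
function findByOwnerRaw(PDO $db, $owner) {
    $sql = "SELECT title FROM items WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Value passed separately from the SQL text, so it can only ever be data.
function findByOwnerBound(PDO $db, $owner) {
    $stmt = $db->prepare('SELECT title FROM items WHERE owner = :owner');
    $stmt->execute(array(':owner' => $owner));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Store the text exactly as submitted; no HTML filtering on the way in.
function saveItem(PDO $db, $owner, $title) {
    $stmt = $db->prepare('INSERT INTO items (owner, title) VALUES (:owner, :title)');
    $stmt->execute(array(':owner' => $owner, ':title' => $title));
}

// Escape at display time, for the context being written into (HTML text here).
function renderTitles(array $titles) {
    $out = '';
    foreach ($titles as $title) {
        $out .= '<li>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $out;
}

$input = "nobody' OR '1'='1"; // constructed input containing a quote

// Concatenated query: the quote closes the string and the WHERE clause changes meaning.
echo 'raw query rows:   ' . count(findByOwnerRaw($db, $input)) . "\n";
// Bound query: the whole input is compared to the owner column as one literal value.
echo 'bound query rows: ' . count(findByOwnerBound($db, $input)) . "\n";

// Markup is stored unmodified and neutralised only when rendered.
saveItem($db, 'carol', '<script>alert(1)</script>');
echo renderTitles(findByOwnerBound($db, 'carol'));
```

Run it with the PHP CLI (the pdo_sqlite extension is required) and compare the two row counts and the escaped list item.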