
Expressionengine sending html to database via SAEF form - Safety measures

I'm using SafeCracker in ExpressionEngine to display a form to front-end users. Users can enter HTML content in one of the fields. How do I sanitize this information before it goes to the database so it prevents SQL injection and malicious code from running?


No action is required to prevent SQL injection. All input through SafeCracker is run through the Channel Entries API, which sanitizes all input.

To prevent things like script tags, you can explicitly allow only "safe" HTML in the Channel Posting Preferences for the channel you're allowing entries into. (Admin → Channel Administration → Channels → Edit Preferences).

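The "allow only safe HTML" preference the answer points to is an allowlist filter: every tag and attribute not on the list is dropped, so `<script>`, `onclick=` handlers and `javascript:` links never reach the stored entry. The following Python block is an added example of that principle, not ExpressionEngine's or SafeCracker's own code; the tag and attribute lists (`ALLOWED_TAGS`, `ALLOWED_ATTRS`) are assumptions chosen for illustration, and a real deployment would pick them per channel.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: only these tags survive, everything else is stripped.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li"}
# Assumed per-tag attribute allowlist; event handlers (on*) are never listed.
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
# Tags whose *content* is also dropped, not just the tag itself.
DROP_CONTENT_TAGS = {"script", "style"}


def safe_url(value):
    """Allow only URL schemes we expect; rejects javascript:, data:, vbscript:, etc."""
    if value is None:
        return False
    v = value.strip().lower()
    return v.startswith(("http://", "https://", "/", "#", "mailto:"))


class AllowlistSanitizer(HTMLParser):
    """Rebuilds a fragment keeping only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the tag, keep its text content
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not safe_url(value):
                continue
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            if self._skip_depth:
                self._skip_depth -= 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self._skip_depth:
            return
        # Text is re-escaped, so a literal "<" can never open a new tag.
        self.out.append(escape(data, quote=False))


def sanitize(fragment):
    """Return the allowlisted version of an untrusted HTML fragment."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample of the kind of input a front-end form might receive.
    sample = '<p onclick="x()">Hi <b>there</b><script>alert(1)</script></p>'
    print(sanitize(sample))
```

Run `sanitize()` on the field value before handing it to the entries API; the SQL side is still left to the API's parameterized queries, as the answer says, since HTML filtering and SQL escaping are separate concerns.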
