SQL Escaping/Sanitizing Magento Item Attribute Value Data That Is Set Programmatically?
When I programmatically set a Magento item attribute to data that the user provided, do I need to SQL escape/sanitize that data, or does Magento take care of doing so?
Here's a code example:
// $product is a loaded Mage_Catalog_Model_Product; $rawDataFromPost is the unvalidated
// string taken from the request (e.g. a custom option value typed by the customer).
$cart = Mage::getSingleton('checkout/cart');
// Option id 5 receives the user-supplied text as a quote item option value.
$cart->addProduct($product, array('qty' => 1, 'options' => array(5 => $rawDataFromPost)));
$cart->save();
Data is properly sanitized and quoted. In fact, the Zend Framework, which Magento is built on, does that.
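To make the boundary of that guarantee concrete, here is an added example (not code from the original question or answer, and not Magento's own code) showing where Magento 1 / Zend_Db binds values for you and where it does not. It assumes a bootstrapped Magento 1 install, a product with the constructed SKU `EXAMPLE-SKU`, and the resource table alias `sales/quote_item_option`; the custom option id 5 and the hostile-looking input string are constructed values.

```php
<?php
// Added example (not from the original post). Assumes a Magento 1 install bootstrapped
// from the web root, a product with SKU 'EXAMPLE-SKU' (constructed), and the resource
// alias 'sales/quote_item_option' (assumed to resolve to the quote item option table).
require_once 'app/Mage.php';
Mage::app();

// Constructed input with quote characters, as a customer could type into an option field.
$rawDataFromPost = "O'Reilly'); DROP TABLE quote_item_option; --";

// 1) Model path (what the question does): Mage_Checkout_Model_Cart -> quote item model ->
//    resource model -> Varien_Db_Adapter_Pdo_Mysql (a Zend_Db adapter). The value is passed
//    to insert()/update() as array data and bound by the adapter, so the quote characters
//    are stored literally and never interpreted as SQL.
$product = Mage::getModel('catalog/product')->loadByAttribute('sku', 'EXAMPLE-SKU');
if ($product) {
    $cart = Mage::getSingleton('checkout/cart');
    $cart->addProduct($product, array('qty' => 1, 'options' => array(5 => $rawDataFromPost)));
    $cart->save();
}

// 2) Hand-written SQL: the adapter only quotes what you hand it through placeholders.
//    Zend_Db cannot protect a string you assembled yourself.
$resource = Mage::getSingleton('core/resource');
$write    = $resource->getConnection('core_write');
$table    = $resource->getTableName('sales/quote_item_option');

// Unsafe pattern to avoid: string interpolation bypasses the adapter's quoting entirely.
// $write->query("SELECT * FROM {$table} WHERE value = '{$rawDataFromPost}'");

// Safe: '?' placeholders in a Zend_Db_Select are quoted by the adapter.
$select = $write->select()
    ->from($table, array('option_id', 'item_id', 'value'))
    ->where('value = ?', $rawDataFromPost);
$rows = $write->fetchAll($select);

// Safe: quoteInto() for ad-hoc WHERE fragments, and array data for update()/insert().
$condition = $write->quoteInto('value = ?', $rawDataFromPost);
$updated   = $write->update($table, array('value' => trim($rawDataFromPost)), $condition);

// Quoting only addresses SQL injection; the stored text is still untrusted and must be
// escaped for HTML when it is rendered (e.g. with $this->escapeHtml() in a block).
printf("matched %d row(s), updated %d row(s)\n", count($rows), $updated);
```

The practical takeaway matches the answer: as long as values travel through model save calls, `insert()`/`update()` array data, `where('col = ?', $value)` or `quoteInto()`, Zend_Db quotes them; the moment a value is concatenated into a SQL string passed to `query()`, that protection no longer applies.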