On the Kohana prepared statement documentation it states
Although all parameters are escaped to prevent SQL injection, it is still a good idea to validate/sanitize your input.
From what I read on prepared statements, I was under the impression that binding parameters prevented SQL injection. If this is not the case, what sanitization/escaping method should I be using before binding the variables?