Sql injection etc



I’m just starting with API’s / Dreamfactory and hope this is not a dumb question… But I was wondering whether - security wise - everything is taken care of by DF.

For instance: if I create a PHP-app where an authorised user can post a new record into a database with a form, do I still have to take care of sanitizing the $_POST input? Or does DF take care of all that?

Thanks & regards,