What kind of "standard inbuilt anti injection code" are you referring to? Mysql_real_escape_string()?