I'm trying to ensure that I avoid any SQL injections so I'm curious how WordPress handles these types of situations.
I would like to use the WordPress wrapper to insert new values into the database. Say I have the following snippet:
<?php
global $wpdb;

$var = $_POST['var'];

// $wpdb->insert() returns the number of affected rows, or false on failure.
$qry = $wpdb->insert(
    'my_table',
    array(
        'var'     => $var,
        'column2' => 123
    )
);

if ($qry) {
    // insert_id holds the AUTO_INCREMENT value of the row just inserted.
    $new_record = $wpdb->insert_id;
    echo 'Record was inserted successfully with an id of ' . $new_record;
} else {
    echo "There was an error with the SQL query";
}
?>
I looked into the WordPress Codex and it says not to escape these values but I want to ensure that I'm not leaving myself open to SQL injections. Am I protected or is there anything else I need to do? Do I have to worry about Select statements as well?
Here is the Codex for reference: http://codex.wordpress.org/Class_Reference/wpdb
Thanks in advance!
You are safe, the WPDB will sanitize the data for you.
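As an added example (not code from the question or the answer above), the same insert with explicit format specifiers, followed by the part the answer does not cover: a SELECT, which is only protected when every value goes through `$wpdb->prepare()`. The table `{$wpdb->prefix}my_table` with columns `id`, `var` and `column2` is an assumption.

```php
<?php
// Added example, not from the original post. Assumes a table
// {$wpdb->prefix}my_table with columns id (int), var (varchar), column2 (int).
global $wpdb;

$table = $wpdb->prefix . 'my_table';
$var   = isset( $_POST['var'] ) ? wp_unslash( $_POST['var'] ) : '';

// $wpdb->insert() builds the INSERT statement itself and passes every value
// through prepare(). The optional third argument fixes each column's type,
// so a numeric column cannot receive an arbitrary string. Do not escape $var
// beforehand or it will be escaped twice.
$inserted = $wpdb->insert(
    $table,
    array( 'var' => $var, 'column2' => 123 ),
    array( '%s', '%d' )
);

if ( false === $inserted ) {
    // $wpdb->last_error holds the database error message.
    error_log( 'Insert failed: ' . $wpdb->last_error );
} else {
    $new_record_id = $wpdb->insert_id;
}

// SELECT statements are NOT sanitized automatically: any value that goes
// into the query string must be bound with $wpdb->prepare(). Placeholders
// are %s (string), %d (integer) and %f (float). The table name is not a
// placeholder, so it must come from trusted code, never from user input.
$rows = $wpdb->get_results(
    $wpdb->prepare(
        "SELECT id, var, column2 FROM {$table} WHERE var = %s AND column2 > %d",
        $var,
        100
    )
);

// For LIKE, escape the wildcard characters first, then bind the pattern as %s.
$pattern = '%' . $wpdb->esc_like( $var ) . '%';
$matches = $wpdb->get_results(
    $wpdb->prepare( "SELECT id FROM {$table} WHERE var LIKE %s", $pattern )
);
```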