I am not sure about the Mantis report.
For the second question: If you use $db->update(); $db->insert(); or $db->replace(); you do not need to worry about escaping. Sometimes this is not possible, e.g. for more complex queries you might need to use $db->query(). In this case you should escape table or field names in your query string using $db->quoteIdentifier() and for values using $db->quote().
Best
Alex
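
The escaping rule from the answer above, shown as an added example that is not part of the original post or the project's own code. `DemoDb` is a hypothetical stand-in for `$db` backed by in-memory SQLite, and the signatures of `quote()` and `quoteIdentifier()` are assumptions.

```php
<?php
// Added example. DemoDb is a hypothetical stand-in for the $db object in the
// post; its method signatures are assumptions, not the real database layer.
final class DemoDb
{
    public function __construct(private PDO $pdo) {}

    // Values: delegate to the driver so quotes inside the value are escaped.
    public function quote(string|int $value): string
    {
        return is_int($value) ? (string) $value : $this->pdo->quote($value);
    }

    // Table/field names: wrap in double quotes and double any embedded quote.
    public function quoteIdentifier(string $name): string
    {
        return '"' . str_replace('"', '""', $name) . '"';
    }

    public function query(string $sql): PDOStatement
    {
        return $this->pdo->query($sql);
    }
}

// Constructed sample data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE "usr" ("id" INTEGER, "login" TEXT)');
$pdo->exec("INSERT INTO \"usr\" VALUES (1, 'alice'), (2, 'bob')");
$db = new DemoDb($pdo);

// Constructed inputs: a value containing quotes and a caller-chosen sort column.
$login  = "alice' OR '1'='1";
$sortBy = 'login';

// Unescaped: the value closes the string literal, so the WHERE matches every row.
$unsafe = 'SELECT * FROM usr WHERE login = \'' . $login . '\' ORDER BY ' . $sortBy;
echo count($db->query($unsafe)->fetchAll()), " rows (unescaped)\n";

// Escaped: identifiers via quoteIdentifier(), values via quote().
$safe = 'SELECT * FROM ' . $db->quoteIdentifier('usr')
      . ' WHERE ' . $db->quoteIdentifier('login') . ' = ' . $db->quote($login)
      . ' ORDER BY ' . $db->quoteIdentifier($sortBy);
echo count($db->query($safe)->fetchAll()), " rows (escaped)\n";
```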