The SQL Injection elimination works like so!
All input from the user (GET / POST / COOKIE) is scanned in the process and converted into its entities, so < becomes &lt; and ' becomes &#039;
So when you attempt to access these converted entities with $this->input->post->username instead of $_POST['username'] they're pretty safe, although you still need to escape them!
In the model, when you're using the database, you would do the following:
$Query = $this->prepare('INSERT INTO (column_1) VALUES (?)');
$Query->bindParam($this->input->post->username); // it's escaped here automatically
$Query->execute(); //And run
The input sanitization removes a fair amount of possible injections but not 100% with null chars etc!
The SEO, as described within another post, is the routing.
So take this URL for instance:
http://mysite.com/users/profile/administration
The URLs are made up of 2 major segments
Code:
http://mysite.com/controller/method/unlimited/amount/of/varaibles/to/be/passed/to/the/method
This will load the file users.php and run the function profile() and pass in the first value administrator!
There are 4 lines to the htaccess to make this possible, but here are some URLs where you can see the SEO possibilities:
http://mysite.com/blog/view/some-unique-title
http://mysite.com/downloads/get/22/some-download-title-here/
http://mysite.com/users/login/
All these get routed to the correct controller+method and pass in the params!
simples :D
I'll sort some betas out soon.
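
The two layers this post describes, entity-encoding on input and a bound parameter at the query, shown as an added example that is not the framework's own code. PDO with in-memory SQLite stands in for the framework's database layer, and the `users` table, `encode_input` and `insert_username` are hypothetical names.

```php
<?php
// Added example, not the framework's code. PDO + in-memory SQLite stand in
// for the framework's database layer; table and function names are hypothetical.

/** Entity-encode one input value the way the post describes (' -> &#039;). */
function encode_input(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

/** Insert through a bound parameter, so the value is sent as data, not SQL text. */
function insert_username(PDO $db, string $username): void
{
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (?)');
    $stmt->bindValue(1, $username, PDO::PARAM_STR);
    $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');

// Constructed inputs: a quote with angle brackets, a backslash, a NUL byte.
$samples = ["O'Brien <admin>", 'back\\slash', "nul\0byte"];

foreach ($samples as $raw) {
    $encoded = encode_input($raw);
    insert_username($db, $encoded);
    // Entity encoding rewrites & < > " ' only; backslash and NUL are unchanged,
    // which is why the bound parameter is still needed at the query.
    printf("%-24s => %s\n", addcslashes($raw, "\0"), addcslashes($encoded, "\0"));
}

// One row per input: each value was stored as data and the statement
// structure stayed the same for all of them.
$rows = $db->query('SELECT username FROM users ORDER BY id')
           ->fetchAll(PDO::FETCH_COLUMN);
var_dump(count($rows) === count($samples));
var_dump($rows[0] === 'O&#039;Brien &lt;admin&gt;');
var_dump($rows[1] === 'back\\slash');
```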