depends on what the code is. all values taken from a user should be validated and checked to make sure it's what you expect, and all info to be stored in a db should be run through [man]mysql_real_escape_string[/man]. always make sure there are no tricks a person could use to insert data where they shouldn't be able to.
if you have a script in question, post it and we can take a look.