I am start using codeigniter 4. Codeigniter Model and query builder using escape. codeigniter will automitically escape all data before enter database. They are not use prepared statement for query builder and Model, but Laravel use pdo prepared statement for query builder also do same thing cakephp and symfony. I think codeigniter is sql injection vuln because they are not use prepared statement.
is codeigniter 4 are secure ?