in reply to
DBI and stored procedures
Regardless of SQL injection concerns, you should be validating pretty much all entered data anyhow, except for perhaps freeform "comments" fields and the like.
Is it a date field? You need to validate that it's a good date, and not 2009-02-29. Is it a credit card number? Validate that it's sixteen digits and the check digit is correct. Etc. Unless these things are being verified in the stored proc, you need to check them in code before sending it to the database.