I'm making a standard contact form that is integrated with my FM database via the data API. The web page is PHP/HTML5 and just performs standard cURL operations to submit the data to FM after validating it.
My question is: even though it's not an SQL database, do I need to worry about SQL injection? Are there any similar vulnerabilities with the data API or is it pretty safe?
The form itself just uses a login that only has access to create a record in the contacts table and only has access to the fields available on the web form.