15 January, 2015

Prevent Hackers with PHPixie
By: Matthew Jackson

When programming, it is important to know how to prevent hacking. Here is another area where PHPixie works great and as expected. It appears to me that PHPixie protects against a lot of standard attacks if it is used in the proper and expected way:


When getting POST data, instead of using the standard PHP $_POST["variable_name"]; (WRONG)

Use PHPixie:
$this->pixie->post("variable_name");


When writing it to the database, do NOT hand-build raw MySQL queries... instead use the ORM:

$pixie = $this->pixie->orm->get("pixie")->find(); // Load the first "pixie" row through the ORM.
if($pixie->loaded()){ // Make sure it was actually found in the database.
    $pixie->name = $this->pixie->post("name"); // The ORM binds the value; it is never spliced into SQL by hand.
    $pixie->save();
}


Finally, when changing or sending data to the client, make sure they are the owner of, and have permissions for, that specific piece of data. It is easy to check that someone has the "owner" role, but you must also check that they own this particular record. For example, a shop owner may change and view their own shop's data, but must not be allowed to view another shop's data. That leak becomes possible when all you check is the role and not also ownership of the data.
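The ownership check described above, written as an added example in the style of a PHPixie 2 controller (this is not code from the original post or from the PHPixie project); the "shop" model with its owner_id column, the $user->role field, the route parameter lookup, the auth->user() call and the PageNotFound exception are all assumptions:

```php
<?php
// Added example, not from the original post or PHPixie itself. Assumes a "shop"
// ORM model with an "owner_id" column, a route parameter "id", and an auth
// module exposing the logged-in user via $this->pixie->auth->user() (assumed).
class Shop extends \PHPixie\Controller
{
    // Role-only check: any user with the "owner" role can edit ANY shop,
    // because nothing ties the requested shop id to the caller.
    public function action_edit_role_only()
    {
        $user = $this->pixie->auth->user();
        if ($user === null || $user->role !== 'owner') {
            throw new \PHPixie\Exception\PageNotFound();
        }
        $shop = $this->pixie->orm->get('shop')
            ->where('id', $this->request->param('id'))
            ->find();
        if ($shop->loaded()) {
            $shop->name = $this->pixie->post('name');
            $shop->save();
        }
    }

    // Ownership check: the shop must exist AND belong to the logged-in user.
    public function action_edit()
    {
        $user = $this->pixie->auth->user();
        if ($user === null) {
            throw new \PHPixie\Exception\PageNotFound();
        }
        // Ownership is part of the query itself, so a shop owned by someone
        // else is simply never loaded; the ORM binds both values safely.
        $shop = $this->pixie->orm->get('shop')
            ->where('id', $this->request->param('id'))
            ->where('owner_id', $user->id)
            ->find();
        if (!$shop->loaded()) {
            // Same response whether the shop is missing or belongs to another
            // user, so the caller learns nothing about other shops' ids.
            throw new \PHPixie\Exception\PageNotFound();
        }
        $shop->name = $this->pixie->post('name');
        $shop->save();
        $this->response->body = 'saved';
    }
}
```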


Good luck, and keep the web safe.

Tags: PHPixie, Security, SQL