There is basic checking of the fields and special handling of certain types of fields to avoid failure, but it is minimal. Whether you need more depends on your circumstances and what you are doing. For example, if you are developing a Joomla extension you might be better off using the model/table methods to do more validation and sanitising. However, if your need is a quick and dirty save of the data then what you are doing is a valid solution.
For more details of what is happening with the insertObject() method, this is the code being executed.
```php
public function insertObject($table, &$object, $key = null)
{
    $fields       = [];
    $values       = [];
    $tableColumns = $this->getTableColumns($table);

    // Iterate over the object variables to build the query fields and values.
    foreach (get_object_vars($object) as $k => $v) {
        // Skip columns that don't exist in the table.
        if (!array_key_exists($k, $tableColumns)) {
            continue;
        }

        // Only process non-null scalars.
        if (\is_array($v) || \is_object($v) || $v === null) {
            continue;
        }

        // Ignore any internal fields.
        if ($k[0] === '_') {
            continue;
        }

        // Ignore null datetime fields.
        if ($tableColumns[$k] === 'datetime' && empty($v)) {
            continue;
        }

        // Ignore null integer fields.
        if (stristr($tableColumns[$k], 'int') !== false && $v === '') {
            continue;
        }

        // Prepare and sanitize the fields and values for the database query.
        $fields[] = $this->quoteName($k);
        $values[] = $this->quote($v);
    }

    // Create the base insert statement.
    $query = $this->getQuery(true)
        ->insert($this->quoteName($table))
        ->columns($fields)
        ->values(implode(',', $values));

    // Set the query and execute the insert.
    $this->setQuery($query)->execute();

    // Update the primary key if it exists.
    $id = $this->insertid();

    if ($key && $id && \is_string($key)) {
        $object->$key = $id;
    }

    return true;
}
```
Update 16th August to answer the question from @Lajos Arpad.
The approach above in the OP is more or less creating simple SQL statements to insert the data into the table and can be included almost anywhere.
When building a component the preferred approach is to use the Model View Controller (MVC) methodology, which intends that access to the data should only be done through a Model class. Joomla provides a number of Model classes that can be used, and extended, to deal with reading and writing to the database, such as ListModel, AdminModel and FormModel, all of which extend from BaseDatabaseModel.
This is covered in reasonable detail here, https://docs.joomla.org/Model-View-Controller
Joomla also adds the use of Table classes that are used to write and read data from a single database table.
In relation to the original question, it is the in-built methods in the Table and Model class(es) that you can use as is, extend or override to manipulate (i.e. sanitise) your data before and after the database table is accessed.
There is a lot of context required around what you are coding and how it is to be used or maintained to say whether you need to follow the MVC approach at all; however, if you intend to develop for Joomla at any scale it is worth learning about what Joomla can do for you.
For an example, your code using the Model and Table classes would become something like this; however, there is a lot more that has been set up to get to this stage.
```php
$action = new StdClass();
$action->my_text = "I'm OK";
$this->mytable->save($action);
```
There is, on the other hand, a lot more happening as part of the save() method. It is like comparing apples to oranges.
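An added example (not part of the original answer and not Joomla's own code): a stand-alone PHP sketch that mirrors the skip rules of insertObject() shown above, to show which fields pass through untouched, next to a hypothetical validation step of the kind a Table check() override could apply before storing. The column map, the `hits` and `created` columns, and the functions `keptFields()` and `checkRow()` are assumptions for illustration.

```php
<?php
// Constructed column map in the name => type shape that getTableColumns() returns.
$tableColumns = [
    'id'      => 'int unsigned',
    'my_text' => 'varchar',
    'created' => 'datetime',
    'hits'    => 'int',
];

// Hypothetical helper: same skip rules as insertObject(), no database involved.
function keptFields(array $tableColumns, object $object): array
{
    $kept = [];
    foreach (get_object_vars($object) as $k => $v) {
        if (!array_key_exists($k, $tableColumns)) continue;          // not a column
        if (is_array($v) || is_object($v) || $v === null) continue;  // non-scalar or null
        if ($k[0] === '_') continue;                                 // internal field
        if ($tableColumns[$k] === 'datetime' && empty($v)) continue; // empty datetime
        if (stristr($tableColumns[$k], 'int') !== false && $v === '') continue; // empty int
        $kept[$k] = $v; // insertObject() would quote() this value, nothing more
    }
    return $kept;
}

// Hypothetical validation rules (assumptions for this sketch), the kind of work
// a Table check() override does before the row is stored.
function checkRow(array $row): array
{
    $errors = [];
    if (isset($row['my_text']) && $row['my_text'] !== strip_tags($row['my_text'])) {
        $errors[] = 'my_text contains markup';
    }
    if (isset($row['hits']) && filter_var($row['hits'], FILTER_VALIDATE_INT) === false) {
        $errors[] = 'hits is not an integer';
    }
    return $errors;
}

// Constructed sample row.
$action = new stdClass();
$action->my_text = "I'm <b>OK</b>"; // kept as is: quoting escapes for SQL only
$action->hits    = 'many';          // kept: non-empty, so the int rule does not skip it
$action->created = '';              // skipped: empty datetime
$action->tags    = ['a', 'b'];      // skipped: not a column
$action->_errors = 'x';             // skipped: not a column

$kept = keptFields($tableColumns, $action);
print_r($kept);           // the fields insertObject() would insert
print_r(checkRow($kept)); // the problems only the extra validation reports
```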