The front end of BalfBlog is now using prepared statements for everything. This was absolutely crucial since most of the front end relied on users sending GET requests to the blog. These are now completely safe since the update.
The dashboard has already featured prepared statements for sending information, but the front end was still lacking. I will point out however, as a result of this update you currently cannot combine queries. This means you cannot search for a user and a category at the same time. So this no longer works:
blog/?cat=General&poster=jamiebalfour04
This is coming back very soon however. As a matter of fact it is in the latest version, it's simply not tested thouroughly enough for me to be sure it can be released.