Efficiently sanitize user entered text

Question

I have a html form that accepts user entered text of size about 1000, and is submitted to a php page where it will be stored in mysql database. I use PDO with prepared state

Answer 1

There are two simple things you need to do to be safe:

• Use prepared statements or escape the data correctly.
• When outputting to HTML, always escape using htmlspecialchars( ).