Is “filter input, escape output” still valid with PDO

frontend · unresolved · 5 answers · 2099 views
Asked by 逝去的感伤, 2020-12-16 18:34

I've read this before "filter input, escape output" but is filtering input really needed when I use PDO with PHP? I thought with PDO I don't need to filter input because

5 answers

Answered by 自闭症患者, 2020-12-16 19:25

As for SQL injection and security, if you're using PDO properly with bind variables, no, you don't need to sanitize. But as Jani pointed out, depending on the data you are saving, such as a text field which doesn't allow HTML, you might want to sanitize your data, or if the field should be a number, run parseInt() on it or something. But this isn't required for security, but for your own database sanity. It's kind of ugly when someone tries to put HTML in a comment and you spit it out and you see &gt; &lt; etc.

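As an added example (not part of the original question or answer), the script below runs the three points of the answer against an in-memory SQLite database through PDO: a bound parameter turns a quote-laden value into plain data, the same value concatenated into a query string does not, and PDO does nothing for the HTML context, so escaping still happens at output time. The table, the sample inputs and the `renderComment` helper are constructed for illustration; `filter_var(..., FILTER_VALIDATE_INT)` stands in for the "run parseInt() on it" sanity check the answer mentions.

```php
<?php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask for real server-side prepared statements. SQLite ignores this, but on
// MySQL emulation is on by default and the driver would quote values client-side
// instead; turning it off keeps parameters out of the SQL text entirely.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed schema and a harmless first row.
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');
$pdo->exec("INSERT INTO comments (author, body) VALUES ('bob', 'first!')");

// Constructed attacker-style input: a tautology for SQL and a script tag for HTML.
$author = "alice' OR '1'='1";
$body   = '<script>alert("xss")</script> nice post';

// 1. Storing: no filtering at all, just bound parameters. The quote is data.
$ins = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$ins->execute([':author' => $author, ':body' => $body]);

// 2. Querying with the same value. The concatenated query becomes
//    WHERE author = 'alice' OR '1'='1' and matches every row;
//    the bound query compares against the literal string and matches one.
$unsafeSql   = "SELECT COUNT(*) FROM comments WHERE author = '" . $author . "'";
$unsafeCount = (int) $pdo->query($unsafeSql)->fetchColumn();          // 2

$safe = $pdo->prepare('SELECT COUNT(*) FROM comments WHERE author = :author');
$safe->execute([':author' => $author]);
$safeCount = (int) $safe->fetchColumn();                               // 1

echo "concatenated: {$unsafeCount} rows, bound: {$safeCount} row\n";

// 3. Output: the database returns exactly what was stored, script tag included.
//    Escape for the HTML context here, not on the way in.
function renderComment(string $author, string $body): string
{
    $a = htmlspecialchars($author, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $b = htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p><b>{$a}</b>: {$b}</p>";
}

$row = $pdo->query("SELECT author, body FROM comments WHERE id = 2")->fetch(PDO::FETCH_ASSOC);
echo renderComment($row['author'], $row['body']), "\n";
// <p><b>alice&#039; OR &#039;1&#039;=&#039;1</b>: &lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt; nice post</p>

// 4. The "database sanity" kind of filtering: a field that must be an integer.
//    This is validation for your own data model, not what stops injection.
$pageParam = '12abc';
$page = filter_var($pageParam, FILTER_VALIDATE_INT);
var_dump($page);   // bool(false): reject the request rather than silently using 12
```

Run it with `php example.php` (the `pdo_sqlite` extension is required). The row-count difference in step 2 is the whole injection argument in one line: with binding, the database never sees the input as SQL. Step 3 is the half of "filter input, escape output" that PDO cannot help with, which is why the escaping sits beside the `echo` and not beside the `INSERT`.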