I have a quick question about using PDO and escaping vars. I am new to PDO, so excuse me if this is kinda noobish of me...
I need to run an insert and I checked the manual's PDO->quote for escaping data in a query. It recommended using a prepared statement and binding params, so I am trying this method instead.
I have my prepare statement, params bound, but do I still need to escape the bound params now?
The vars are coming from a posted form. I *DID* have it set up so that I was manually assigning vars from the $_POST, with $db->quote, trim() and all that goodness, but then I remembered extract(), which quickly gave me my vars.
Just curious and was looking for a little insight into using PDO.
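
An added example, not part of the original post: it binds the same form value with and without `quote()` so the stored results can be compared, and picks the expected fields by name rather than with `extract()`. The in-memory SQLite database, the `comments` table, the `pick_fields()` helper and the `$post` array are assumptions made for the illustration.

```php
<?php
// Added example: constructed input and table; runs against in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');

// Constructed stand-in for $_POST, including a key the form never defined.
$post = [
    'name' => "  O'Brien ",
    'body' => "x'); DROP TABLE comments; --",
    'db'   => 'unexpected',
];

// Hypothetical helper: take only the expected fields instead of extract(),
// which creates a variable for every submitted key (here it would
// overwrite $db with a string).
function pick_fields(array $input, array $allowed): array
{
    $out = [];
    foreach ($allowed as $key) {
        $value = $input[$key] ?? '';
        $out[$key] = is_string($value) ? trim($value) : '';
    }
    return $out;
}

$fields = pick_fields($post, ['name', 'body']);

$stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');

// Bound as-is: PDO handles the value as data, so no quote() is needed.
$stmt->execute([':name' => $fields['name'], ':body' => $fields['body']]);

// Quoted and then bound: the added quote characters are stored as data.
$stmt->execute([':name' => $db->quote($fields['name']), ':body' => $fields['body']]);

// Show what each insert actually stored.
foreach ($db->query('SELECT id, name, body FROM comments') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['name'], $row['body']);
}
```

The first row holds the name exactly as typed (trimmed); the second holds it wrapped in the quote characters that `quote()` added, which is the corruption that double escaping causes.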