1. Filters
I use PDO and wanted to know if it is still necessary to filter potential escape characters like ('or'' =').
I have already read a lot, and some say that PDO is sufficient to prevent SQL injection.
2. BBCode
In a text field, is htmlspecialchars the best option for not displaying HTML formatting?
Thanks