Filter user input with filtering data
Since I am using PDO to prevent SQL injection, do I still need to apply PHP's data filters to ensure the input is in the correct format? Does PDO protect against all kinds of injection?
$STH = $DBH->prepare("SELECT * from jem WHERE email=? AND pass=? LIMIT 0,1");
$STH->execute([$email, $pass]); // user input is passed as bound parameters, not concatenated into the SQL
Any more tips for a login script would be helpful.
Before using PDO, I guess you were validating your data (using a validation filter for instance), and then you escaped it before inserting it in your db. Now, you only need (but still need) to do the first thing.
Regarding your second question, PDO protects you against SQL injection. You still have to escape HTML before outputting it, to protect against JS code injection.
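The three layers the answer separates (validate the format, bind the value in a prepared statement, escape at the HTML boundary) shown together as an added example; this is not the asker's or answerer's code. It assumes a `jem` table with `email` and `pass` columns as in the question, uses an in-memory SQLite database so it runs offline, and stores a password hash rather than the plaintext the question's query compares against.

```php
<?php
// Added example: validation, parametrised query and output escaping are three
// separate defences against three separate problems. Assumptions: table "jem"
// (email, pass) from the question; pdo_sqlite is available; passwords are hashed.

$DBH = new PDO('sqlite::memory:');
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DBH->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // server-side prepares where the driver supports them
$DBH->exec("CREATE TABLE jem (email TEXT PRIMARY KEY, pass TEXT NOT NULL)");

// Constructed sample users. o'brien is a syntactically valid address containing a quote:
// it passes validation and is exactly the kind of value string concatenation would mishandle.
$ins = $DBH->prepare("INSERT INTO jem (email, pass) VALUES (?, ?)");
$ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien@example.com", password_hash('battery staple', PASSWORD_DEFAULT)]);

function login(PDO $DBH, string $email, string $pass): ?array
{
    // Layer 1: format validation. This decides what your application accepts as an
    // email address; it is not what stops SQL injection.
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }

    // Layer 2: the value is bound, never spliced into the SQL text, so the quote in
    // o'brien@example.com is just data. Only values can be bound this way; table and
    // column names (and the LIMIT clause) must stay hard-coded.
    $STH = $DBH->prepare("SELECT * FROM jem WHERE email = ? LIMIT 0,1");
    $STH->execute([$email]);
    $row = $STH->fetch(PDO::FETCH_ASSOC);

    // Compare the password against the stored hash instead of putting it in the query.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    return $row;
}

// Rejected at layer 1 before any query runs.
var_dump(login($DBH, 'not an email address', 'anything') === null);

// Accepted at layer 1, handled safely at layer 2.
$row = login($DBH, "o'brien@example.com", 'battery staple');

// Layer 3: escape at the HTML boundary, since a stored value may contain markup.
echo 'Welcome, ' . htmlspecialchars($row['email'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . "\n";
```

Run with `php example.php`; the same `htmlspecialchars()` call belongs around every untrusted value you print into HTML, not only the email.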