Is “filter input, escape output” still valid with PDO

Front-end | Unresolved | 5 | 2089
逝去的感伤 2020-12-16 18:34

I've read this before: "filter input, escape output". But is filtering input really needed when I use PDO with PHP? I thought with PDO I don't need to filter input because

5 answers
  •  有刺的猬
    2020-12-16 18:58

    Yes, it is still valid.

    Filtering is not about preventing security vulnerabilities, it's about not populating your database with garbage. If you're expecting a date, make sure it at least looks like a date prior to storing it.

    Escaping output is about preventing security vulnerabilities (namely XSS or Cross Site Scripting).

    So yes, both are quite important and are totally unrelated to SQL Injection (although a fair number of developers still confuse filtering with escaping for SQL queries and hence can still be subject to vulnerabilities)...
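The three concerns the answer separates (validating input, parameterizing the query, encoding output) shown side by side in one PHP script. This is an added example, not code from the question or the answer; it assumes a SQLite in-memory database and an `events` table, both created inline, and the untrusted submissions are constructed stand-ins for `$_POST`.

```php
<?php
// Added example: validation, PDO prepared statements and HTML escaping are three
// separate layers. Assumes SQLite (in-memory) and a constructed `events` table.

declare(strict_types=1);

// 1. Filter input: validation. Keeps garbage out of the database; not a SQL or XSS defence.
function validateDate(string $input): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $input);
    // createFromFormat silently rolls "2020-02-31" over to March; re-format and compare to catch it.
    if ($d === false || $d->format('Y-m-d') !== $input) {
        return null;
    }
    return $input;
}

// 2. Parameterize the query: PDO binds values separately from the SQL text, which is
//    what addresses SQL injection. No escaping of the title is done or needed here.
function insertEvent(PDO $db, string $title, string $date): int
{
    $stmt = $db->prepare('INSERT INTO events (title, happens_on) VALUES (:title, :date)');
    $stmt->execute([':title' => $title, ':date' => $date]);
    return (int) $db->lastInsertId();
}

// 3. Escape output: encode for the HTML context at render time (the XSS defence).
function renderEvent(array $row): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<li>' . $e($row['title']) . ' on ' . $e($row['happens_on']) . '</li>';
}

// --- constructed demonstration data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT NOT NULL, happens_on TEXT NOT NULL)');

// Constructed untrusted submissions standing in for $_POST.
$submissions = [
    ['title' => "Team meeting', '1999-01-01'); DROP TABLE events; --", 'happens_on' => '2020-12-16'],
    ['title' => '<script>alert(document.cookie)</script>',                'happens_on' => '2020-12-17'],
    ['title' => 'Not a real day',                                         'happens_on' => '2020-02-31'],
];

foreach ($submissions as $s) {
    $date = validateDate($s['happens_on']);
    if ($date === null) {
        echo "rejected: {$s['happens_on']} is not a date\n";   // filtering: garbage never stored
        continue;
    }
    insertEvent($db, $s['title'], $date);   // the DROP TABLE text is stored as plain data
}

// The table still exists; the "injection" sits inert as a title, and the script
// tag comes out as visible text rather than executing in the browser.
foreach ($db->query('SELECT title, happens_on FROM events ORDER BY id') as $row) {
    echo renderEvent($row), "\n";
}
```

Two points the code makes concrete: the date check rejects a row that PDO would have happily stored, and the HTML escaping happens only at output, so the same stored title could be encoded differently (JSON, a URL, an attribute) for a different sink. On MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the parameters are sent to the server separately from the statement text rather than interpolated client-side.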
