Possible Duplicate:
How to prevent SQL injection in PHP?
I use PDO prepared statements to prevent MySQL injection, but should I be doing anything more to sanitize user input? The user will only be shown his own input and the input of others he "friends." Is there anything else I need to do to sanitize input?
I don't think that magic quotes are enabled, and I can't think of any other way a user could mess with my site, but I am new to this so I am not sure.
Thanks in advance!