I use PDO, and the prepared requests. But the essence is that, for example, I receive a message from the input field of the textarea type
лалала, привер всем! \n (это перенос строки когда в textarea происходит enter) я юзер который отправил смс!
So what is the point, is it safe to immediately insert a PDO prepared request, the content that came from the user, directly?
Now I use a bunch of regular expressions, to check the contents, but many complain that the form says errors like "FIELD is not filled correctly", and every time I add, cut out all forms of UNION, SELECT, etc. from the forms ...