My application persists a large amount of data into a MySQL database, and I’m wondering if I should handle the cleaning/escaping with a separate class, or if this is overkill? Also, I’m using prepared statements with PDO, so I’m not exactly sure how much cleaning or escaping of data I should be doing in combination with binding parameters.
I’m aware of the old Perl adage, “There’s more than one way to do it,” so I’m not asking for an actual solution. I’m just trying to weigh the benefits of calling in another class to handle the escaping, or if the simplicity of this process would better be handled locally.
If you need to do so, then why not? There’s no overkill when putting stuff in a class and then requiring it. It will also allow you to test your code.
I don’t see another way to do that anyway, except using bare PHP functions.
By the way, PDO does escaping. Your class would only handle cleaning.
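
The split described in the answer above, as an added example that is not part of the original thread: a hypothetical `UserInput` class does validation only, and PDO bound parameters carry the values to the database. The class name, table, sample rows, and the in-memory SQLite DSN are assumptions chosen so the script runs offline; against MySQL only the DSN changes.

```php
<?php
declare(strict_types=1);

// Hypothetical validation class: it checks and normalises input, and does no SQL escaping.
final class UserInput
{
    public static function name(string $raw): string
    {
        $name = trim($raw);
        // strlen() counts bytes, so this is a 64-byte limit.
        if ($name === '' || strlen($name) > 64) {
            throw new InvalidArgumentException('name must be 1-64 bytes');
        }
        return $name;
    }

    public static function email(string $raw): string
    {
        $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
        if ($email === false) {
            throw new InvalidArgumentException('invalid email address');
        }
        return $email;
    }
}

// Assumption: in-memory SQLite keeps the example self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');

// The SQL text is fixed; values travel separately as bound parameters.
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');

// Constructed sample input: one name containing a quote, one invalid email.
$rows = [
    ["  O'Brien; -- ", 'obrien@example.com'],
    ['Alice', 'not-an-email'],
];

foreach ($rows as [$rawName, $rawEmail]) {
    try {
        $insert->execute([
            ':name'  => UserInput::name($rawName),
            ':email' => UserInput::email($rawEmail),
        ]);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}

// The quote is stored verbatim: binding kept it out of the SQL text.
foreach ($pdo->query('SELECT name, email FROM users') as $row) {
    echo $row['name'], ' <', $row['email'], '>', PHP_EOL;
}
```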