Simple question and I want a simple answer. I'm using PDO prepared statements to make sure my data are safely processed to the database. But I'm confused. Do I have to disable magic quotes or use stripslashes on variables if magic_quotes are enabled, and after that let PDO do the security job?
If you are using PDO's prepared statements to insert data into your database, the data will go into the database exactly as you insert it. magic_quotes adds slashes to the data: these will therefore be present in the database. This is obviously not what you want.
As you say, disable magic quotes or, if necessary, use stripslashes.
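The behaviour described in the answer above, as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension is available; the `users` table, the sample value, and the helper names `undo_magic_quotes` and `magic_quotes_active` are hypothetical, and `addslashes()` stands in for what magic quotes does to request data.

```php
<?php
// Added example: constructed input, in-memory SQLite (needs pdo_sqlite).

// Undo magic_quotes_gpc escaping on a string or a nested array of strings.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// True only on old PHP builds where magic_quotes_gpc exists and is on.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the guard.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample: the submitted value, and the form it would have
// in $_POST after magic quotes has added slashes to it.
$submitted  = "O'Brien";
$asReceived = addslashes($submitted);

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');

// Row 1: bound as received. The statement is safe, but the backslash
// is ordinary data to PDO and is stored with the name.
$insert->execute(array(':name' => $asReceived));

// Row 2: slashes removed before binding. The original value is stored.
$insert->execute(array(':name' => undo_magic_quotes($asReceived)));

foreach ($pdo->query('SELECT id, name FROM users ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['name'], PHP_EOL;
}

// In a request handler on an old build, normalise input once, up front,
// when magic quotes cannot be disabled in php.ini:
if (magic_quotes_active()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}
```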