L!MP, провел тест, prepare не экранирует
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'annimon';
$db_charset = 'utf8';
try
{
$dbh = new PDO('mysql:host=' . $db_host . ';dbname=' . $db_name, $db_user ,$db_pass);
echo 'Connected';
}
catch (Exception $e)
{
echo 'Unable to connect: ' . $e->getMessage();
}
$sth = $dbh->prepare("INSERT INTO `forum` SET `refid` = ?, `type` = ?, `time` = ?, `user_id` = ?, `from` = ?, `ip` = ?, `soft` = ?, `text` = ?");
$refid = 6787;
$type = 'm';
$time = time();
$user_id = 1314;
$from = 'Koenig';
$ip = $_SERVER['SERVER_ADDR'];
$soft = $_SERVER['HTTP_USER_AGENT'];
$text = '' . $dbh->quote(file_get_contents('test.html') . '');
$sth->execute(array($refid, $type, $time, $user_id, $from, $ip, $soft, $text));
$text = '' . file_get_contents('test.html') . '';
$sth->execute(array($refid, $type, $time, $user_id, $from, $ip, $soft, $text)); 