I used to write the code like this:
Code:
    if (isset($_POST['ad'])) $ad = $_POST['ad'];
    $ad = htmlspecialchars($ad, ENT_QUOTES, 'UTF-8');
But if I do this:
Code:
    try {
        $sql = "INSERT INTO store SET rob = :rob";
        $s = $pdo->prepare($sql);
        $s->bindValue(':rob', $_POST['rob']);
        $s->execute();
    } catch (PDOException $e) {
        $output = 'Error performing update: ' . $e->getMessage();
        include 'output.php';
        exit();
    }
... then does that mean I re-write the top part as just:
Code:
    if (isset($_POST['ad']))
... dropping the htmlspecialchars() line?
Does bindValue mean we don't need to use htmlspecialchars() any more? I'm redoing my code with PDO and need clarification on this point. Is htmlspecialchars() just used for echoing data?
Thanks!



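The distinction the question turns on, shown as an added example that is not part of the original post: bindValue() keeps the input from altering the SQL statement, while htmlspecialchars() keeps stored text from altering the HTML it is later echoed into. They guard different boundaries, so prepared statements do not make output escaping unnecessary, and escaping at output time rather than before storage avoids double-encoded data. The snippet uses an in-memory SQLite database (it assumes the pdo_sqlite extension is available), the table and column names store and rob from the post, and a constructed hostile input; the helper h() and the row layout are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Demonstrates that bindValue() and
// htmlspecialchars() protect different boundaries (SQL vs HTML), using an
// in-memory SQLite database so it runs offline. Table "store" and column
// "rob" come from the post; the primary key column is assumed here.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE store (id INTEGER PRIMARY KEY, rob TEXT NOT NULL)');

// Constructed input that is hostile to both SQL and HTML at once.
$input = "x'); DROP TABLE store; -- <script>alert(1)</script>";

// Output-escaping helper (assumed name): encode for an HTML text/attribute
// context, replacing invalid UTF-8 rather than returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Storage boundary: the bound value travels to the driver separately from
//    the SQL text, so the quote and comment marker in it cannot change the
//    statement. Note that nothing is escaped: the raw string is stored as-is.
$insert = $pdo->prepare('INSERT INTO store (rob) VALUES (:rob)');
$insert->bindValue(':rob', $input, PDO::PARAM_STR);
$insert->execute();

$stored = $pdo->query('SELECT rob FROM store')->fetchColumn();
if ($stored !== $input) {
    throw new RuntimeException('bound value was altered on the way in');
}
// The table still exists, so the injected DROP TABLE never ran.
$rows = (int) $pdo->query('SELECT COUNT(*) FROM store')->fetchColumn();
if ($rows !== 1) {
    throw new RuntimeException('unexpected row count');
}

// 2. Output boundary: the stored text is still dangerous the moment it is
//    echoed into a page, so escape it there.
$unsafeHtml = "<p>$stored</p>";           // a browser would execute the script
$safeHtml   = '<p>' . h($stored) . '</p>';
if (strpos($safeHtml, '<script>') !== false) {
    throw new RuntimeException('output escaping failed');
}

// 3. Anti-pattern: escaping before storage. The database then holds HTML
//    entities, which are wrong for any non-HTML consumer (JSON, CSV, email)
//    and get double-encoded when the page correctly escapes at output.
$pdo->exec('DELETE FROM store');
$insert->bindValue(':rob', h($input), PDO::PARAM_STR);
$insert->execute();
$preEscaped    = $pdo->query('SELECT rob FROM store')->fetchColumn();
$doubleEncoded = h($preEscaped);
if (strpos($doubleEncoded, '&amp;lt;script') === false) {
    throw new RuntimeException('expected double encoding did not occur');
}

echo "stored raw:      $stored\n";
echo "escaped output:  $safeHtml\n";
echo "double-encoded:  $doubleEncoded\n";
```

The practical rule this illustrates: bind every value that goes into SQL (the bindValue() in the post is correct for that), store the raw text, and call htmlspecialchars() only where the value is written into HTML. The isset() check stays, since it guards against an undefined index, not against injection.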