Data Filtering, Sanitation, And Validation For HTML-allowed Inputs
I've found a lot of info on sanitizing, filtering, and validating forms when it comes to simple inputs like email, phone numbers, addresses, etc. But the security of your app is o
Solution 1:
PDO Prepared Statements when working with dynamic database inputs: right
Limited my production site's database access to a user with fewer privileges (so if someone does gain control, they'll only be able to update, insert, or select): useless
Client-side validation (pretty much useless in this context, it's just for users' convenience): useless
Using POST, not GET: irrelevant
Turned error_display off, so malicious users can't probe: right
There is no item in your list regarding HTML issues. If you want to allow formatted input, you have to use either BB-code or HTML purifier or something of the sort.
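The allowlist approach the answer points at (HTML Purifier "or something of the sort"), as an added example that is not part of the original question or answer: a small PHP sanitizer built on DOMDocument that keeps only listed tags and attributes, drops everything else including its content, and rejects link targets whose scheme is not http, https or mailto. The tag table, the function names (sanitizeHtml, sanitizeNode, isSafeUrl) and the dirty sample input are constructed for this illustration; the real HTML Purifier library covers far more (CSS, encodings, context-dependent parsing) and remains the right choice for production, but this shows what any such filter has to do.

```php
<?php
// Added example, not code from the original post: allowlist-based HTML
// sanitizer using DOMDocument. Everything not explicitly permitted is removed.

const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'ul' => [], 'ol' => [], 'li' => [],
    'a' => ['href', 'title'],
];
const ALLOWED_URL_SCHEMES = ['http', 'https', 'mailto'];

function isSafeUrl(string $url): bool
{
    // Browsers ignore ASCII control characters and whitespace inside the
    // scheme, so strip them before looking for one.
    $probe = preg_replace('/[\x00-\x20]/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return true; // no scheme at all: a relative URL, acceptable
    }
    return in_array(strtolower($m[1]), ALLOWED_URL_SCHEMES, true);
}

function sanitizeNode(DOMNode $node): void
{
    // Walk a static copy of the child list, because we mutate it as we go.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (!array_key_exists($tag, ALLOWED_TAGS)) {
                // Unknown element: remove it with its whole subtree, so
                // <script>...</script> loses its text content as well.
                $node->removeChild($child);
                continue;
            }
            // Drop every attribute not allowed for this tag (onclick=, style=,
            // onerror= and friends never make it through).
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                if (!in_array($name, ALLOWED_TAGS[$tag], true)) {
                    $child->removeAttribute($attr->name);
                } elseif ($name === 'href' && !isSafeUrl($attr->value)) {
                    // javascript:, data:, vbscript: and similar are not links.
                    $child->removeAttribute($attr->name);
                }
            }
            sanitizeNode($child);
        } elseif (!($child instanceof DOMText)) {
            // Comments, CDATA, processing instructions: not needed in user content.
            $node->removeChild($child);
        }
    }
}

function sanitizeHtml(string $dirty): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate sloppy user markup quietly
    // The leading XML declaration makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="utf-8" ?>' . $dirty);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // loadHTML wraps a fragment in <html><body>; we work on the body's children
    // and serialise only those, so the wrapper never reaches the output.
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return ''; // nothing but whitespace or comments was supplied
    }
    sanitizeNode($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: a mix of legitimate formatting and the kinds of
// markup a filter for user-supplied HTML must strip.
$dirty = '<p onclick="alert(1)">Hello <b>world</b></p>'
       . '<script>alert(document.cookie)</script>'
       . '<a href="javascript:alert(1)">bad</a> '
       . '<a href="https://example.com" title="ok">good</a>'
       . '<!-- comment --><img src=x onerror="alert(1)">';

echo sanitizeHtml($dirty), PHP_EOL;
// Expected output:
// <p>Hello <b>world</b></p><a>bad</a> <a href="https://example.com" title="ok">good</a>
```

The design point worth noticing is that the filter never tries to recognise bad input; it only recognises good input and discards the rest. A denylist of dangerous tags or attribute names is what most home-grown sanitizers do, and it is why the answer steers you to a maintained library instead of a regex.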