I want to ask you if my PHP code is safe enough. I don't know if I should escape special characters in the string after regex validation:
```php
<?php
require_once '../../../wp-load.php';

$errors = [];
// Read the field once; a missing field must not raise an undefined-index notice.
$name = isset($_POST['name']) ? (string) $_POST['name'] : '';

// /u makes the character class match UTF-8 letters (ą, ł, ...) as single characters
// and lets /i fold their case; mb_strlen counts characters, so the 60 limit is per character.
if (preg_match('/[^a-ząćęółśżźń ]/iu', $name) || strlen(trim($name)) == 0 || mb_strlen($name, 'UTF-8') > 60) {
    $errors[] = "Invalid name";
}

if (empty($errors)) {
    // %s in wpdb::prepare() quotes and escapes the value; $name is not escaped by hand.
    $result = $wpdb->query($wpdb->prepare("INSERT INTO people VALUES(null, %s)", $name));
    // Report the outcome only after the query has actually run.
    echo json_encode(['status' => $result !== false]);
} else {
    echo json_encode(['status' => false, 'errors' => $errors]);
}
```
And what if I use PDO prepare instead of the WordPress function?
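The PDO variant of the same endpoint, as an added example that is not part of the original post: the regex check stays an input-policy control, and the insert sends the name as a bound parameter, so no escaping is applied after validation (an `addslashes()`/`esc_sql()` call at that point would store a backslash-mangled copy of the name). The DSN, credentials and the `people` table layout (auto-increment `id`, `name`) are assumptions.

```php
<?php
// Added example (not the asker's code): validation followed by an insert through a
// PDO prepared statement. DSN, credentials and the `people` table are assumptions.

declare(strict_types=1);

/** Returns a list of validation errors; an empty array means the name is acceptable. */
function validate_name(string $name): array
{
    $errors = [];
    // /u: pattern and subject are UTF-8, so ą, ł, ... are single characters and /i
    // folds their case; mb_strlen counts characters rather than bytes.
    if (preg_match('/[^a-ząćęółśżźń ]/iu', $name) === 1
        || trim($name) === ''
        || mb_strlen($name, 'UTF-8') > 60) {
        $errors[] = 'Invalid name';
    }
    return $errors;
}

/** Inserts the name as a bound parameter; returns true on success. */
function insert_person(PDO $pdo, string $name): bool
{
    // The value travels as a parameter, separate from the SQL text, so it is never
    // escaped by hand here.
    $stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    return $stmt->execute();
}

function connect(): PDO
{
    // Assumed connection details; charset=utf8mb4 keeps the client/server encoding
    // consistent with the UTF-8 validation above.
    $dsn = 'mysql:host=localhost;dbname=example_db;charset=utf8mb4';
    return new PDO($dsn, 'db_user', 'db_password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // surface failures as exceptions
        PDO::ATTR_EMULATE_PREPARES => false,                  // server-side prepared statements
    ]);
}

$name   = isset($_POST['name']) ? (string) $_POST['name'] : '';
$errors = validate_name($name);

header('Content-Type: application/json');
if ($errors !== []) {
    echo json_encode(['status' => false, 'errors' => $errors]);
    exit;
}

try {
    $ok = insert_person(connect(), $name);
    echo json_encode(['status' => $ok]);
} catch (PDOException $e) {
    // Keep driver details in the server log; the client gets a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['status' => false, 'errors' => ['Database error']]);
}
```

Both forms protect the query the same way from the caller's point of view: `$wpdb->prepare()` quotes and escapes the `%s` value itself (it is sprintf-style formatting, not a native prepared statement), while PDO with `ATTR_EMULATE_PREPARES` set to false hands the value to the server as a separate parameter. In either case the escaping step the question asks about is already done by the API, and doing it again would corrupt stored names.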