Fix PDO not using input filtering in example

Somehow, this pull request (https://github.com/codeguy/php-the-right-way/pull/26) went missing in the move to `gh-pages`.  But it's fairly critical, since the example has `$_GET` being passed straight into a `PDO` statement.  On a write (`INSERT` or `UPDATE`), this can still result in dangerous data (to the app, not to SQL) being written accidentally by a new PHP developer.  Data should always be filtered prior to use.
This commit is contained in:
Don MacAskill
2015-01-05 11:43:35 -08:00
parent 4d01642a89
commit 3b393c2c4b


@@ -50,13 +50,16 @@ FROM users` which will delete all of your users! Instead, you should sanitize th
<?php
$pdo = new PDO('sqlite:/path/db/users.db');
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->bindParam(':id', $_GET['id'], PDO::PARAM_INT); // <-- Automatically sanitized by PDO
$id = filter_input(FILTER_GET, 'id', FILTER_SANITIZE_NUMBER_INT); // <-- filter your data first (see [Data Filtering](#data_filtering)), especially important for INSERT, UPDATE, etc.
$stmt->bindParam(':id', $id, PDO::PARAM_INT); // <-- Automatically sanitized for SQL by PDO
$stmt->execute();
{% endhighlight %}
This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is
introduced to the database preventing potential SQL injection attacks.
For writes, such as INSERT or UPDATE, it's especially critical to still [filter your data](#data_filtering) first and sanitize it for other things (removal of HTML tags, JavaScript, etc). PDO will only sanitize it for SQL, not for your application.
* [Learn about PDO]
You should also be aware that database connections use up resources and it was not unheard-of to have resources
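Review bot: the new `filter_input()` call in this hunk passes `FILTER_GET` as its first argument, but the input-type constant for query-string data is `INPUT_GET`; `FILTER_GET` is not a PHP constant, so this line as written will not run cleanly (an undefined-constant notice on PHP 5, a fatal `Error` on PHP 8), and since this is the reference example for "do it right", that defeats the purpose. Suggested line: `$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);`. Two further points on the same line: `FILTER_SANITIZE_NUMBER_INT` only strips characters, it does not validate, so `FILTER_VALIDATE_INT` (which returns `false` on non-integer input and `null` when the key is absent) would be the more defensive choice here, and the example should then check that result before calling `bindParam()`; and the inline comment on that line is long enough to wrap badly in the rendered page, so the pointer to the Data Filtering section would read better in the prose paragraph that already links to it.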