Ah yes, I should have explicitly said use the prepared statements within PDO!It's interesting that the first filter from that list, the email, rejects valid email addresses. It's stuff like that which gets PHP a bad rep.
Also using PDO doesn't help prevent SQL injections but using prepared statements, which PDO makes available to you, does. I'm behind PDO usage, for sure, but you can still use it wrong.
Write a validation class / functions, use regex, better yet, use a framework and follow the guidelines.