I usually end up using the ActiveRecord pattern in some way, typically through a framework, but you could simply use an
ActiveRecord library in place of a framework, of course. You could even roll your own, but there are a staggering number of excellent solutions out there, so it really isn't worth the effort.
Essentially all PHP ORM solutions use AR in some capacity underneath, and while I could be wrong, I think many of them use PDO under-the-hood as well. As far as security goes, pretty much all widely-used AR libraries or ORM solutions are quite secure, giving you SQL-injection security out-of-the-box. They also reduce the amount of SQL code you have to write by hand and make updating and maintenance much easier. About the only downside to some AR implementations is that they require a few OO method calls to fully create a query, but if you have a good IDE with auto-completion, that is greatly simplified. The only real downside I have seen to several ORMs is that their setup can take some time, doing various configurations. But once you get it ready, it makes database access ridiculously easy and ties your database tables directly to your classes.
