Is there any way to escape SQL in FORM data?
You can. With PDO, the proper method to escape data for use in an SQL statement is PDO::quote. If you chose this approach, it would probably be simpler to just use PDO directly, since you’d be bypassing all of the methods your wrapper class provides.
I don’t like using bind because the code gets longer and longer and I need to store data in variables every time.
Binding the parameters and using prepared statements is a much better choice. It may be a few extra lines of typing, but it is far safer and more reliable. I would really encourage you to reconsider.
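Added example, not part of the original thread: the two approaches discussed above side by side, using plain PDO against an in-memory SQLite database. The `users` table, the field names and the form values are constructed for illustration; passing an array to `execute()` avoids a separate bind call and variable for each field.

```php
<?php
// Added example: constructed form input and a hypothetical `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Stand-in for $_POST. The name contains a quote and SQL metacharacters,
// and there is an extra field the query does not expect.
$form = [
    'name'   => "O'Brien'); DROP TABLE users; --",
    'email'  => 'obrien@example.com',
    'submit' => 'Save',
];

// Approach 1: PDO::quote. Every value must be quoted by hand before it is
// concatenated into the statement; forgetting one leaves the query injectable.
$sql = 'INSERT INTO users (name, email) VALUES ('
     . $pdo->quote($form['name']) . ', '
     . $pdo->quote($form['email']) . ')';
$pdo->exec($sql);

// Approach 2: prepared statement. The SQL text is fixed and the values are
// sent separately, so no escaping step exists to forget.
$stmt = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');

// Keep only the fields the statement names, then pass the array straight to
// execute(). No bindParam() calls and no intermediate variables are needed.
$allowed = array_flip(['name', 'email']);
$stmt->execute(array_intersect_key($form, $allowed));

// Both rows hold the input as literal text and the table still exists.
foreach ($pdo->query('SELECT id, name, email FROM users') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['name'], $row['email']);
}
```

The whitelist step matters because `execute()` raises an error if the array contains keys that do not match a placeholder in the statement.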