If you are accepting input from a form to create the connection I would probably use some sanitization functions to clean it up before using it. If this is being stored in a text file or a database it would be a good idea to sanitize before it is saved as well before it is used.
http://php.net/manual/en/function.filter-var.php
$db_host = filter_var($db_host,FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Equivalent to calling htmlspecialchars() with ENT_QUOTES set. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. Like htmlspecialchars(), this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set then the entire string is rejected resulting in a 0-length string. http://www.php.net/manual/en/filter.filters.sanitize.php
Connect credentials should not come from user under any circumstances.
You have to store them in your server in some config file. And then use with connect string.
Please note that charset should be set in DSN, not options.
include 'settings.php';
$dsn = "mysql:host=$db_host;dbname=$db_name;port=$db_port;charset=$charset";
$pdo = new Data($dsn, $db_user, $db_pass);
