1.防止sql注入-预准备
mysqli:
$qSelect = $DBH->prepare("SELECT * FROM users WHERE username = ?"); $qSelect->bind_param("s", $username); }
PDO:
$PDO->prepare(
"SELECT * FROM users WHERE username = ?"
"SELECT * FROM users WHERE username = :username"
);
$pdo->execute([1]);
$pdo->execute(['
:username=>1
']);