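```php
// Prepare the statement with a named placeholder instead of inserting $id into the SQL text.
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
// Bind the variable $id to the :id placeholder.
$stmt->bindParam(":id", $id);
$stmt->execute();
```

In this example, the value of `$id` is bound to the named placeholder `:id`, so it reaches the database as data rather than as part of the SQL text, which prevents malicious SQL code from being injected.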
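The difference the bound parameter makes, shown side by side as an added example (not code from the original page). It assumes the pdo_sqlite extension; the in-memory table, its rows, the function names `findUserConcatenated` and `findUserBound`, and the sample inputs are all constructed for illustration.

```php
<?php
// Added example: constructed in-memory table and sample inputs, not from the original page.
// Assumes the pdo_sqlite extension is available.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // fail loudly on SQL errors
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// "Before": the request value is concatenated into the SQL text,
// so any SQL syntax it carries is parsed as part of the query.
function findUserConcatenated(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM users WHERE id = " . $id)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the same query with the value bound to :id, as on the page.
// The query text is fixed at prepare(); the value is only ever compared as data.
function findUserBound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
    $stmt->bindParam(':id', $id);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and a value that carries SQL syntax.
foreach (['2', '2 OR 1=1'] as $input) {
    printf(
        "%-12s concatenated: %d row(s), bound: %d row(s)\n",
        "'$input'",
        count(findUserConcatenated($pdo, $input)),
        count(findUserBound($pdo, $input))
    );
}
```

For the second input the concatenated query returns every row in the table, while the bound query returns none, because SQLite compares the whole string to the `id` column as a single value.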