防止sql注入预准备
mysqli:
$qSelect = $DBH->prepare(SELECT * FROM users WHERE username = ?); $qSelect->bind_param(s, $username); }
PDO:
$PDO->prepare( SELECT * FROM users WHERE username = ? SELECT * FROM users WHERE username = :username ); $pdo->execute([1]); $pdo->execute([' :username=>1 ']);