PDO预处理

$sql = '????' //暂时不赋值,用问号或者:name代替
$pdo -> prepare($sql) //创建预编译对象
$stmt -> bind_param() //参数赋值
$stmt -> execute() //执行代码
$stmt -> fetch() //获取一个结果
$stmt -> fetchAll() //获取所有结果

实例

<?php
$dsn = 'mysql:host=localhost;dbname=mysqli';
$pdo = new PDO($dsn,'root','root');
$pdo -> exec('set names utf8');
$sql = "SELECT * FROM users WHERE id>?";
$stmt = $pdo -> prepare($sql);
$id = 2;
$stmt -> bindParam(1,$id);
$stmt -> execute();
$data = $stmt -> fetchAll(PDO::FETCH_ASSOC);
var_dump($data);
<?php
$dsn = 'mysql:host=localhost;dbname=mysqli';
$pdo = new PDO($dsn,'root','root');
$pdo -> exec('set names utf8');
$sql = "UPDATE users SET monney=1000 WHERE id=:id>?";
$stmt = $pdo -> prepare($sql);
$id = 2;
$stmt -> bindParam(1,$id);
$result = $stmt -> execute();
var_dump($result);