PDO is a universal database connection interface in PHP. It supports 12 different database types, e.g. MySQL, MongoDB, NoSQL. A big bonus of PDO is that it adapts your code to the database type, so you don't need to make any changes when moving over to another database system.
| | PDO | MySQLi |
|---|---|---|
| Database support | 12 different drivers | MySQLi |
| API | OOP | OOP + procedural |
| Prepared statements (client side) | Yes | No |
The connection part looks awkward, but that is something we need to deal with. The rest of PDO is simple and useful, and it also helps make the security part even easier.
    $connection = new PDO("mysql:host=localhost;dbname=myDatabase", $username, $password);
The PDO connection is ordered as follows:
    // $pdo is the PDO connection object (named $connection in the line above).
    // We use an array to map each named placeholder (:var) to its normal $var.
    $params = array(
        ':username' => $username,
        ':email' => $mail,
    );

    // Prepare the SQL using the named, secure parameters ":username" and ":email".
    // prepare() returns a statement object, which we keep in $stmt.
    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username AND email = :email');

    // Execute the prepared statement and send $params to it.
    $stmt->execute($params);
The code you just read is protected against SQL injection, because the values are sent as bound parameters instead of being pasted into the SQL string.