PDO statement to avoid SQL-injections

Safe argument binding using PDO to avoid SQL injection in MySQL.

php
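function pdo_prepare($sql, $bind = []) {
    // Host, database name and credentials are placeholders; a new connection is opened on every call.
    $pdo = new PDO('mysql:host=127.0.0.1;dbname=db', 'user', 'pwd');

    // $sql carries only placeholders (e.g. :email), never request data.
    $stmt = $pdo->prepare($sql);

    // Values in $bind are sent as bound parameters, not spliced into the SQL text.
    $stmt->execute($bind);

    return $stmt;
}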

usage

load_function('pdo_prepare');

# values in the bind array can safely come directly from GET/POST
$stmt = pdo_prepare(
    'SELECT * FROM users WHERE email = :email',
    [':email' => $_POST['email']]
);

// $user = $stmt->fetch();
// ...
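
An added example, not part of the original snippet: it contrasts string concatenation with the bound-parameter form that pdo_prepare uses, and shows that an identifier such as an ORDER BY column needs an allowlist because placeholders bind values only. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows; order_by_column is a hypothetical helper.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumption:
// the pdo_sqlite extension is available). Placeholder binding works the same
// way through the PDO API for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (email, role) VALUES
    ('alice@example.test', 'admin'), ('bob@example.test', 'user')");

// Constructed hostile form value, standing in for $_POST['email'].
$input = "nobody@example.test' OR '1'='1";

// Before: the value is concatenated into the SQL text, so its quote
// characters rewrite the WHERE clause and every row matches.
$unsafe = $pdo->query("SELECT email FROM users WHERE email = '$input'");
$unsafeRows = $unsafe->fetchAll(PDO::FETCH_COLUMN);

// After: the SQL text is fixed and the value travels as a bound parameter,
// so it is compared as one literal string and matches nothing.
$stmt = $pdo->prepare('SELECT email FROM users WHERE email = :email');
$stmt->execute([':email' => $input]);
$safeRows = $stmt->fetchAll(PDO::FETCH_COLUMN);

// Placeholders bind values only. A column name for ORDER BY cannot be bound,
// so it is picked from a fixed allowlist instead (hypothetical helper).
function order_by_column(string $requested): string {
    $allowed = ['id', 'email', 'role'];
    return in_array($requested, $allowed, true) ? $requested : 'id';
}
$sort = order_by_column('email; DROP TABLE users'); // constructed input
$sorted = $pdo->query("SELECT email FROM users ORDER BY $sort")
              ->fetchAll(PDO::FETCH_COLUMN);

printf("concatenated: %d row(s)\n", count($unsafeRows));
printf("bound:        %d row(s)\n", count($safeRows));
printf("sort column:  %s, first row: %s\n", $sort, $sorted[0]);
```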