ways to prevent SQL injection

Method 1?? Addslashes ();

Method 2?? Mysql_escape_string ();

Method 3?? Turn on Magic Quotes

Method 4?? Control the data entered by the user, such as:

Using intval to prevent SQL injection, intval () can turn variables into integer types for receiving pure integer data
$id =intval ($_get[' id ');

Method 5?? Use the quote () method of the PDO object to control the data entered by the user:

The quoted string is returned and the special characters in the string are filtered by a backslash escape

Usage: $username =$_post (username);

$username = $pdo->quote ($username);

Method 6?? Use the Prepare (), Excute () method of the PDO object:

Usage:

Placeholder Form 1?? ：

$username =$_post (username);

$PASSWD =$_post (passwd);

$sql = "SELECT * from Users where username=: a and passwd=: b ;";

$stmt = $pdo->prepare ($sql);

$stmt->execute (array (:a=>$username,:b=>$passwd));

Placeholder Form 2?? ：

$username =$_post (username);

$PASSWD =$_post (passwd);

$sql = "SELECT * from Users where username=? And passwd=? ; ";

$stmt = $pdo->prepare ($sql);

$stmt->execute (array ($username, $passwd));

ways to prevent SQL injection