PHP

use prepared statement in a where clause PDO

	$servername = "localhost";
	$username = "root";
	$password = "toor";
	$dbname = "testdb";
    $user = 'admin';
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare("SELECT * FROM radcheck where username = :username ");
    $stmt->bindParam(':username', $user);
    $stmt->execute();

    // set the resulting array to associative
//    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $counter = $stmt->fetchAll();
    echo "Total rows returned" .count($counter);

PDO INSERT prepared statement

<?php
$servername = "localhost";
$username = "root";
$password = "";
$database_name = "database_name";

// CREATE DATABASE CONNECTION USING PDO METHOD
try {
    $database_connection = new PDO("mysql:host=$servername;dbname=$database_name", $username, $password);
    // Set the PDO error mode to exception
    $database_connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo "Connection Failed" . $e->getMessage();
}


// INSERT DATA INTO THE DATABASE
try {

    $sql = "INSERT INTO `users` (first_name, last_name, email) VALUES (?,?,?)";
    $stmt = $database_connection->prepare($sql);

    $stmt->bindParam(1, $first_name, PDO::PARAM_STR);
    $stmt->bindParam(2, $last_name, PDO::PARAM_STR);
    $stmt->bindParam(3, $email, PDO::PARAM_STR);

    // Assigning data into the variables
    $first_name = 'John';
    $last_name = 'Doe';
    $email = 'johndoe@gmail.com';
    $stmt->execute();

    echo "Data inserted successfully";

} catch (PDOException $e) {
    echo "data not inserted";
}
?>

PDO Prepared Statement php

//Using PDOStatement to protect db from sql injection
// text is the form field you are trying to protect
//We are using  $sql here as the object and joke_table is the
// name of the database table we will insert our jokes in.
//Text in here represents the database column that our users  
//input will be inserted in.

if (isset($_POST['text'])) {
   try {
        $pdo= new PDO('mysql:host=localhost;dbname=omo; chaerset=utf8','username','passwrd');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = 'INSERT INTO `joke_table` SET   
        `text` = :text, 
        `date` = CURDATE()'; 
        $stmt = $pdo->prepare($sql); 
        $stmt->bindValue(':text', $_POST['text']); 
        $stmt->execute(); 
        header('location: thank.php'); 
      } catch (PDOException $e) {
            echo 'error in connecting to the database'.$e->getMessage().'in'.$e->getFile().':'. $e->getLine(). $e->getCode();
         
    } 
    } else {
    // use any logic that you would like to happen here

    }

PDO INSERT prepared statement

VALUES (:first_name, :last_name, :email)
$stmt->bindParam(':first_name', $first_name, PDO::PARAM_STR);
$stmt->bindParam(':last_name', $last_name, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);