HowTo Prevent SQL Injections with PDO

[Blackfire]

hmm still show's nothing.

 

<?php
$server = 'localhost';
$database = 'newproject_db1';
$user = 'root';
$password = '';
// First we have to create a DSN
$dsn = sprintf("mysql:host=%s;db=%s", $server, $database);
// Then we can use that DSN to connect to the database with PDO
// I use try/catch statements to not show some to revealing error messages when the connection fails
try
{
$db = new PDO($dsn, $user, $password);
}
catch(PDOException $e)
{
die('Error connecting to the database');
}
$admin = '10';
// Prepare the query with placeholders
$dbh = $db->prepare("SELECT a_name FROM t_characters WHERE a_admin = :admin");
// Execute the query
$dbh->execute( array( ':admin' => $admin ));
// Get the result
$rows = $dbh->fetchAll();
// Show the results
foreach( $rows as $row )
{
echo $row['a_name'] . "<br />";
}
?>