// 创建数据库连接
$dsn = “mysql:host=your_host;dbname=your_db”;
$username = ‘your_username’;
$password = ‘your_password’;
try {
$pdo = new PDO($dsn, $username, $password);
// 设置PDO错误模式为异常
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 准备SQL语句
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->bindParam(':username', $userInput); // 绑定参数
$userInput = "admin' -- "; // 用户输入
$stmt->execute();
// 获取结果
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($results);} catch (PDOException $e) {
echo “Connection failed: ” . $e->getMessage();
}
