Can’t. Be sure to escape special characters such as quotation marks and backtick marks. Be sure to pay attention to the encoding of the database. Be sure to filter for special encodings in statements. pdo uses database parameter binding, so injection is avoided.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Can’t.
Be sure to escape special characters such as quotation marks and backtick marks.
Be sure to pay attention to the encoding of the database.
Be sure to filter for special encodings in statements.
pdo uses database parameter binding, so injection is avoided.