如何改变这些MySQL代码的PDO ?以及如何用pdo代码转义字符串 - How to change those MySQL codes to PDO ? and how to escape a string with pdo codes?

How to change those MySQL codes to PDO ? and how to escape a string with pdo codes?

$sql = "INSERT INTO users(user_name, user_pass, user_email, user_date, user_level)
                VALUES('" . mysql_real_escape_string($_POST['user_name']) . "'
                    , '" . sha1($_POST['user_pass']) . "'
                    , '" . mysql_real_escape_string($_POST['user_email']) . "'
                    , now(), 0)";
            $result = mysql_query($sql);

// configuration
$dbtype     = "sqlite";
$dbhost     = "localhost";
$dbname     = "test";
$dbuser     = "root";
$dbpass     = "admin";
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$user_name='Mohoni';
$user_pass='mohinipass';
$user_email='mohini@yopmail.com';
$user_date='2014-03-21';
$user_level='first';
// query
$sql = "INSERT INTO users (user_name,user_pass,user_email,user_date,user_level)     
VALUES (:user_name,:user_pass,:user_email,:user_date,:user_level)";
$q = $conn->prepare($sql);
$q->execute(array(':user_name'=>$user_name,
':user_pass'=>$user_pass,
':user_email'=>$user_email,
':user_date'=>$user_date,
':user_level'=>$user_level));

您可以使用$conn->quote作为字符串，如下所示:

$conn->quote($user_name);