What is PDO, how is it related to SQL injection, and why should I use this?

误落风尘 2020-12-12 06:00

Actually I did google and got so many results, but I can't understand, because I'm new in this field.

So what is an easy way that what is PDO, why I should use thi

2 answers
  •  情书的邮戳
    2020-12-12 06:36

    Simply imagine this user input: "1'); TRUNCATE TABLE accounts; --". With your statement, if the user knows what db structure you have, they can easily drop everything from the db (assuming the db user has the authorization).

    Never use the user input directly in a SQL query as you've done; always escape/cast before use.

    PDO - PHP Data Objects - is a database access layer providing a uniform method of access to multiple databases.

    It doesn't account for database-specific syntax, but can allow for the process of switching databases and platforms to be fairly painless, simply by switching the connection string in many instances.

    Please read this link carefully; it explains why PDO should be used in PHP.
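
An added example, not part of the thread or of the answer's own code: the input quoted in the answer, first as string concatenation would place it in the SQL text, then bound through a PDO prepared statement. The `accounts` layout with an `owner` column, the sample rows and the function names are assumptions made for illustration, and it uses in-memory SQLite (the `pdo_sqlite` extension) so it runs offline.

```php
<?php
// Constructed schema and rows; the asker's real statement is not shown on the page.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // errors throw instead of failing silently
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL)');
$pdo->exec("INSERT INTO accounts (owner) VALUES ('alice'), ('bob')");

// The input quoted in the answer.
$input = "1'); TRUNCATE TABLE accounts; --";

// Concatenation: the input becomes part of the SQL text itself (built here, never executed).
function buildConcatenated(string $owner): string
{
    return "INSERT INTO accounts (owner) VALUES ('" . $owner . "')";
}

// Prepared statement: the SQL text is fixed and the input travels separately as a value.
function addAccount(PDO $pdo, string $owner): int
{
    $stmt = $pdo->prepare('INSERT INTO accounts (owner) VALUES (:owner)');
    $stmt->bindValue(':owner', $owner, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// "Cast before use": reject anything that is not an integer, then still bind it.
function findAccount(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // not a number, so it never reaches the database
    }
    $stmt = $pdo->prepare('SELECT id, owner FROM accounts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

echo buildConcatenated($input), PHP_EOL;      // the quote in the input closes the string literal early
$newId = addAccount($pdo, $input);            // the same input, stored verbatim as an owner name
var_dump(findAccount($pdo, $input));          // rejected by the integer check
var_dump(findAccount($pdo, (string) $newId)); // the row that holds the input as plain data
echo $pdo->query('SELECT COUNT(*) FROM accounts')->fetchColumn(), PHP_EOL; // earlier rows are still there
```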
