I understand the right way to protect a db from SQL injection is by using prepared statements. I would like to understand how prepared statements protect m
Your source is secure from SQLi attack.
This is an example, and it is not secure when you select one user from your database.
// example: localhost/user.php?username=admin
$getdata = $_GET['username'];
$dbConnection=$this->dbInstance->createConnexion();
// prepare() is called, but the user input is concatenated into the SQL text before it is parsed
$query=$dbConnection->prepare("SELECT * FROM users WHERE username=".$getdata);
// PHP simple
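
Added example, not part of the original post: the concatenating `prepare()` pattern above next to a bound-parameter version, run against the same inputs. It assumes PDO with the `pdo_sqlite` extension; the in-memory `users` table, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Constructed in-memory database (assumes the pdo_sqlite extension is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO users (username) VALUES ('admin'), ('alice'), ('bob')");

// Pattern from the post: prepare() is called, but the input is already part
// of the SQL text, so the database parses it as SQL. Quotes are added around
// the value here (an assumption) so the query parses for a normal username.
function findUserConcatenated(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT * FROM users WHERE username='" . $username . "'");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the SQL text is fixed when it is prepared, and the value
// is passed separately at execute time, so it is only ever compared as data.
function findUserBound(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT * FROM users WHERE username = :username");
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: a normal username and one containing a quote.
$inputs = ["admin", "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "input %-18s concatenated: %d row(s), bound: %d row(s)\n",
        json_encode($input),
        count(findUserConcatenated($db, $input)),
        count(findUserBound($db, $input))
    );
}
```

For the second input, the concatenated query returns every row because the quote changes the structure of the WHERE clause, while the bound query returns none because no user has that literal name.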