code example using prepared statements to prevent from SQL injection

pdosqlinjectionprotectionphp

<?php

$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING); // Basic sanitization

$sql = "SELECT * FROM users WHERE name = :name";
$stmt = $db->prepare($sql);
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetchAll();