What is the function that is currently being used in PDO to escape special characters before executing a SQL statement?
Before starting to use PDO I was using real_escape_string (), in addition to others that are used to clean strings such as strip_tags (), htmlespecialchars () and others.
I do not know if real_escape_string can still be used in PDO or only for the mysqli driver
With the prepare method, you can do it in the following way:
$sentencia = $conexion->prepare("SELECT * FROM publicaciones WHERE id = ? ");
and using the question mark that will be dynamic because it will receive the value for which the query will be made
Or you can try the bindParam () method;
$id = 1;
$sentencia = $conexion->prepare("SELECT * FROM publicaciones WHERE id = :id");
$sentencia->bindParam(':id', $id);
$sentencia->execute();
bindParam (); links the value to a specific variable