1.查询
$db =newPDO("mysql:dbname=imdb","root","sesame");
$row = $db->query("SELECT name FROM movies WHERE name LIKE '%oo%'");
$row = $db->query("SELECT name FROM movies WHERE name='$title'");2.删除
$db->exec("DELETE FROM movies WHERE year=1999");3.插入
$db->exec("INSERT INTO actors(id,first_name,last_name)VALUES(15241,'Jenifer',Auster)");
避免SQL注入
quote
<?php
$db =newPDO("mysql:dbname=imdb","root","sesame");
$title = $db->quote($_GET["movietitle"]);
$rows = $db->query("SELECT year FROM movies WHERE name=$title;");?>