PHP PDO操作mysql不注意的话依然存在SQL注入

清华大佬耗费三个月吐血整理的几百G的资源,免费分享!....>>>

<?php 
dbh = new PDO("mysql:host=localhost; dbname=demo", "user", "pass");
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); 
$dbh->exec("set names 'utf8'");
$sql="select * from test where name = ? and password = ?";
$stmt = $dbh->prepare($sql);
$exeres = $stmt->execute(array($name, $pass));