Prepared Statements

$handle = new PDO('mysql:host=localhost;dbname=ajax'); $statement = $handle->prepare('SELECT `id`, `name` FROM `users` WHERE `login` = ? AND `password` = ?'); $statement->execute(array($username, $password_hash)); if ($user = $statement->fetch(PDO::FETCH_ASSOC)) { echo $user['id'],"\t",$user['name'],"\n"; } else { echo "No user found.\n"; }