There are two great examples on the pdo::prepare()documentation.

pdo::prepare()文档中有两个很好的例子。

I have included them here and simplified them a bit.

我把它们包括在这里并稍微简化了它们。

This one uses ?parameters. $dbhis basically a PDO object. And what you are doing is putting the values 150and 'red'into the first and second question mark respectively.

这一个使用?参数。$dbh基本上是一个 PDO 对象。您正在做的是将值150和 分别'red'放入第一个和第二个问号。

/* Execute a prepared statement by passing an array of values */
$sth = $dbh->prepare('SELECT name, colour, calories
                      FROM fruit
                      WHERE calories < ? AND colour = ?');

$sth->execute(array(150, 'red'));

$red = $sth->fetchAll();

This one uses named parameters and is a bit more complex.

这个使用命名参数，有点复杂。

/* Execute a prepared statement by passing an array of values */
$sql = 'SELECT name, colour, calories
        FROM fruit
        WHERE calories < :calories AND colour = :colour';

$sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(':calories' => 150, ':colour' => 'red'));

$red = $sth->fetchAll();