pdo
$db = new PDO('mysql:host=127.0.0.1;dbname=test;charset=utf8','root','rootpass');
$stm = $db->prepare("select * from test where field = :value");
$stm->bindValue(':value',$_GET['field'],PDO::PARAM_STR);
$stm->execute();
$rows = $stm->fetchAll(PDO::FETCH_ASSOC);
var_dump($rows);
mysqli
$db = new mysqli('127.0.0.1','root','rootpass','database_name');
$stmt = $db->prepare("select * from test where field = ?");
$stmt->bind_param('s',$_GET['field']);
$stmt->execute();
$rows = array();
while ($row = $stmt->fetch()) array_push($rows,$row);
var_dump($rows);
建议大家多点用这种方式查询