How can SQL Injections be prevented in PHP code?

SQL Injections can be prevented in PHP code by using prepared statements with parameterized queries. This method separates the SQL query logic from the user input data, preventing malicious SQL code from being executed.

// Using prepared statements to prevent SQL Injections
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();