How does PDO handle value passing compared to mysqli in PHP?

When passing values to SQL queries in PHP, PDO uses prepared statements with placeholders to bind parameters securely, so values are bound to the query instead of being concatenated into the SQL string. With mysqli, values must either be escaped manually or passed through its own prepared statements. PDO provides a more secure and cleaner way to pass values to SQL queries than mysqli.

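// Using PDO to pass values to SQL queries
$pdo = new PDO('mysql:host=localhost;dbname=mydatabase', 'username', 'password');
$userId = 42; // example value; in practice this comes from the request

// Prepare the statement with a named placeholder, then bind the value as an integer
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
$stmt->bindParam(':id', $userId, PDO::PARAM_INT);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);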
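
For comparison, the same lookup written against both APIs with prepared statements. This is an added example, not code from the original page. The function names, the two-column users table and its rows are assumptions made for illustration, and the runnable part uses in-memory SQLite so it works without a MySQL server.

```php
<?php
declare(strict_types=1);

// Added example: the same lookup through each API. Table and rows are constructed.

// PDO: named placeholder, value bound with an explicit type.
function findUserPdo(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// mysqli: positional "?" placeholders only; the type goes in a format
// string ("i" = integer). get_result() requires the mysqlnd driver.
function findUserMysqli(mysqli $db, int $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Offline demo of the PDO path on in-memory SQLite (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

var_dump(findUserPdo($pdo, 2));

// Against MySQL, using the page's placeholder connection values:
// $pdo = new PDO('mysql:host=localhost;dbname=mydatabase', 'username', 'password', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares, not client-side emulation
// ]);
// $db = new mysqli('localhost', 'username', 'password', 'mydatabase');
// var_dump(findUserMysqli($db, 2));
```

Both functions keep the value out of the SQL text. The differences are in syntax: PDO accepts named placeholders and a per-parameter type constant, while mysqli takes positional placeholders and a type string.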