我是PDO的新手,我想知道我的代码是否可以安全地使用SQL注入,并且我是否可以改进以使其更安全或更清洁。
$statement = $pdo->prepare("INSERT INTO login_users (username, user_level, name, email, password, expires)
VALUES(:username, :user_level, :name, :email, :password, :expires)");
$statement->execute(array(
"username" => $_POST['username'],
"user_level" => $_POST['user_level'],
"name" => $_POST['name'],
"email" => $_POST['email'],
"password" => $_POST['val-password'],
"expires" => $_POST['expires'] . ' ' . $_POST['default-hours']
));