如果 $value 中包含撇号('),下面的代码就无法更新 MySQL 数据库。该如何转义这个字符?
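// Update one column of a NetLog row, identified by recordID.
//
// Values bound through placeholders travel separately from the SQL text, so an
// apostrophe in $value needs no manual escaping. Identifiers cannot be bound,
// though: $column is interpolated into the statement text, which makes it the
// one injectable piece of this query. It is therefore validated before use.
// NOTE(review): where $column comes from is not visible here. If it can be
// request-derived, an explicit allow-list of the NetLog columns that may be
// edited is the stronger control; the pattern check below is only a floor.
if (!is_string($column) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $column) !== 1) {
    throw new \InvalidArgumentException('Invalid column name');
}

// Quoting is safe because the pattern above cannot match a backtick; it also
// keeps the statement valid when the column name is a MySQL reserved word.
$sql = "UPDATE NetLog SET `$column` = :val WHERE recordID = :rec_id";

$stmt = $db_found->prepare($sql);
if ($stmt === false) {
    // Without PDO::ERRMODE_EXCEPTION, prepare() reports failure by returning false.
    error_log('NetLog update: prepare failed: ' . implode(' ', $db_found->errorInfo()));
    throw new \RuntimeException('Failed to prepare NetLog update');
}

$stmt->bindParam(':val', $value, PDO::PARAM_STR);
$stmt->bindParam(':rec_id', $recordID, PDO::PARAM_STR);

if (!$stmt->execute()) {
    // A failed execute() is otherwise silent in non-exception mode, which looks
    // like "the row did not update". Driver detail goes to the log only, so it
    // is not echoed back to the client.
    error_log('NetLog update: execute failed: ' . implode(' ', $stmt->errorInfo()));
    throw new \RuntimeException('NetLog update failed');
}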