¿Que es preferible utilizar?
Código PHP:
Ver original$resultado = $conectar->prepare("SELECT user FROM user WHERE user = :username AND pass :password");
$resultado->execute(array(':username' => $_POST['username'], ':password' => $_POST['password']));
Código PHP:
Ver original$conectar->prepare("SELECT user FROM user WHERE user = ".$conectar->quote($username)." AND pass = ".$conectar->quote($password)."");
Muchas gracias