I have a php script that contain many mysql functions na connection to database , and for security reasons to prevent SQl injection I would like to replace these mysql functions with pdo functions.
$e = mysql_real_escape_string($l);
$query = "SELECT * FROM users";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result)
$query = "SELECT * FROM users WHERE (first_name='" . $f_name . "' AND last_name='" . $l_name . "') OR (email = '" . $email . "')";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$insert = "INSERT INTO users(`email`, `first_name`, `last_name`, `created_at`, `modified_at`) VALUES ('{$email}', '{$f_name}', '{$l_name}','" . date('Y-m-d H:i:s') . "','" . date('Y-m-d H:i:s') . "');";
$update = "UPDATE users SET `is_user`=1 WHERE user_id=" . $user_id;
mysql_query($insert) or die(mysql_error());
mysql_query($update) or die(mysql_error());