good soulution for neglecting most popular types of SQL injection

hi,
i want propose you a good soulution for prevent SQL injection.
simply, you need to compare the input with each record in the database like this:

 $con=mysql_query("e;SELECT * FROM login WHERE ID<>'Login';"e;);
while($get=mysql_fetch_row($con))
{
if($get[0]==$_REQUEST["e;ID"e;] && $get[1]==$_REQUEST["e;Password"e;])
{
print("e;Login accepted ..."e;);
}
}

.Net securing
the problemme her is when we have a big database !
so, my proposed solution is what i write in one of my previous post on this link (for .Net developers) : secure your .Net login panel 





so, what about php ?? can we do the same? yah, we can :) :
$db = new PDO('pgsql:dbname=database');
$stmt = $db->prepare("e;SELECT priv FROM testUsers WHERE username=:username AND password=:password"e;);
$stmt->bindParam(':username', $user);
$stmt->bindParam(':password', $pass);
$stmt->execute();

GOOD LOOK :)
By Drupal Study