官方文档
https://www.php.net/manual/zh/pdostatement.bindparam.php
https://www.php.net/manual/zh/pdostatement.bindvalue.php

先说结论

PDOStatement::bindParam 是引用,&$variable 在 PDOStatement::execute() 时取值(值是后置的)
PDOStatement::bindValue 是传值,$value 在绑定时取值

示例

$sex = 'male';
$s = $dbh->prepare('SELECT name FROM students WHERE sex = :sex');
$s->bindParam(':sex', $sex); // use bindParam to bind the variable
$sex = 'female';
$s->execute(); // executed with WHERE sex = 'female'
$sex = 'male';
$s = $dbh->prepare('SELECT name FROM students WHERE sex = :sex');
$s->bindValue(':sex', $sex); // use bindValue to bind the variable's value
$sex = 'female';
$s->execute(); // executed with WHERE sex = 'male'

以上两个案例的区别,bindParam 中 $sex 取值,是最后赋值的 'female',而 bindValue 是执行语句时的 'male'