I wonder if it is secure to store a value for a prepared query like that:
$notGood = 'yes';
$req = $pdo->prepare('SELECT id_user, name_user, tel_user, a_valid_user FROM user WHERE a_valid_user = ?');
Yes, as long as your variable is represented by a placeholder (?) in the query, it is safe.
In case you are curious whether it is secure or not to send a variable into execute, it's just syntactic sugar for bindValue(), which makes PDO extremely convenient to use. So I recommend using it whenever possible.
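The following is an added example, not part of the original question or answer: it runs the question's query with the value passed to execute() and again through bindValue(), and shows that a value containing quote characters is compared as data in both cases. The in-memory SQLite database, the sample rows and the helper names viaExecute and viaBindValue are assumptions made for the demonstration.

```php
<?php
// Added example: an in-memory SQLite database stands in for the real one (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the column names from the question.
$pdo->exec('CREATE TABLE user (id_user INTEGER PRIMARY KEY, name_user TEXT, tel_user TEXT, a_valid_user TEXT)');
$ins = $pdo->prepare('INSERT INTO user (name_user, tel_user, a_valid_user) VALUES (?, ?, ?)');
foreach ([['alice', '555-0100', 'yes'], ['bob', '555-0101', 'no']] as $row) {
    $ins->execute($row);
}

// The query from the question: the SQL text is fixed, the value is a placeholder.
$sql = 'SELECT id_user, name_user, tel_user, a_valid_user FROM user WHERE a_valid_user = ?';

// Hypothetical helper: value handed to execute() as an array element.
function viaExecute(PDO $pdo, string $sql, string $value): array
{
    $req = $pdo->prepare($sql);
    $req->execute([$value]);
    return $req->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: the same value bound explicitly with bindValue().
function viaBindValue(PDO $pdo, string $sql, string $value): array
{
    $req = $pdo->prepare($sql);
    $req->bindValue(1, $value, PDO::PARAM_STR);
    $req->execute();
    return $req->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal value and one containing SQL metacharacters.
$inputs = ['yes', "yes' OR '1'='1"];
foreach ($inputs as $notGood) {
    $a = viaExecute($pdo, $sql, $notGood);
    $b = viaBindValue($pdo, $sql, $notGood);
    printf(
        "%-18s execute(): %d row(s)  bindValue(): %d row(s)  same result: %s\n",
        $notGood,
        count($a),
        count($b),
        $a === $b ? 'yes' : 'no'
    );
}
```

The second input matches no rows because the whole string is compared against a_valid_user; it never becomes part of the SQL text.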