Including variables in queries PDO PHP

Thanks to the binding method, which is one of the most important features of PDO, we can place our variables safely and properly in the queries we prepare.

For this, firstly, we will prepare our query with the prepare method, and we place “?” (question mark). Afterwards, we send our values to the questioned places with the execute method to the query we prepared.

<?php
// We are preparing our query
$query = $db->prepare('INSERT INTO users (name, email) VALUES(?, ?)');
 
// We give the values to the places we specified in the query
$query->execute(array('Baransel', 'email@email.com'));
?>

When we run this statement, the query to run will be as follows;

INSERT INTO users (name, email) VALUES('Baransel', 'email@email.com')

It is very important in terms of the security and order of our application to include all the variables we receive from PDO in our queries with this method while using PDO. Thanks to this method, we are free from SQL injection vulnerabilities.

Including variables in queries PDO PHP

Discover the basics of PHP PDO

You might also like