1. Position parameters
Use the bindParam() function instead of providing the value directly.
$tis = $conn->prepare("INSERT INTO STUDENTS(name, age) values(?, ?)"); $tis->bindValue(1,'mike'); $tis->bindValue(2,22); $tis->execute();
2. Named parameters
Named parameters are also preprocessing statements that map values/variables to named positions in the query. Since there are no positional bindings, it is very efficient in queries that use the same variable multiple times.
$name='Rishabh'; $age=20; $tis = $conn->prepare("INSERT INTO STUDENTS(name, age) values(?, ?)"); $tis->bindParam(1,$name); $tis->bindParam(2,$age); $tis->execute();
The above are the two preprocessing statements of php PDO. I hope it will be helpful to everyone.