1. Position parameters
Use the bindParam() function instead of providing the value directly.
$tis = $conn->prepare("INSERT INTO STUDENTS(name, age) values(?, ?)");
$tis->bindValue(1,'mike');
$tis->bindValue(2,22);
$tis->execute();2. Named parameters
Named parameters are also preprocessing statements that map values/variables to named positions in the query. Since there are no positional bindings, it is very efficient in queries that use the same variable multiple times.
$name='Rishabh'; $age=20;
$tis = $conn->prepare("INSERT INTO STUDENTS(name, age) values(?, ?)");
$tis->bindParam(1,$name);
$tis->bindParam(2,$age);
$tis->execute();The above are the two preprocessing statements of php PDO. I hope it will be helpful to everyone.