  • Ignace CARIA thinks this is interesting:

parameterized queries

From DevOpsSec

Note

PHP
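// $dbh is an existing PDO connection; named placeholders keep the values out of the SQL text.
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);
// Values are sent separately from the statement when it runs.
$stmt->execute();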