What is a parameterized query?

攒了一身酷 2020-11-21 11:12

What is a parameterized query, and what would an example of such a query be in PHP and MySQL?

4 answers
  •  挽巷 (original poster)
    2020-11-21 11:46

    A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time.

    Why use a parameterized query

    1. The most important reason to use parameterized queries is to avoid SQL injection attacks.
    2. Secondly, a parameterized query takes care of scenarios where an SQL query might fail, e.g. inserting O'Baily into a field. A parameterized query handles such a query without forcing you to replace single quotes with double single quotes.
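
A PHP example of the placeholders described in the answer above, added here and not part of the original answer. The `customers` table, its columns and the sample values are constructed; it assumes the `pdo_sqlite` extension and uses an in-memory SQLite database so it runs without a server, while the same `prepare()`/`execute()` calls apply with a MySQL DSN.

```php
<?php
// Added example: table, columns and sample values are constructed.
// For MySQL, replace the DSN with something like
// 'mysql:host=localhost;dbname=test;charset=utf8mb4' plus user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, surname TEXT NOT NULL)');

// Positional placeholder (?): the SQL text is fixed, the value is supplied
// at execution time, so no manual doubling of single quotes is needed.
$insert = $pdo->prepare('INSERT INTO customers (surname) VALUES (?)');
foreach (["Smith", "O'Baily"] as $surname) {
    $insert->execute([$surname]);
}

// For contrast: the same insert built by string concatenation. The apostrophe
// becomes part of the SQL text and the statement no longer parses.
try {
    $pdo->exec("INSERT INTO customers (surname) VALUES ('" . "O'Baily" . "')");
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// Named placeholder (:surname) in a SELECT; the input is bound as data only.
function findBySurname(PDO $pdo, string $surname): array
{
    $stmt = $pdo->prepare('SELECT id, surname FROM customers WHERE surname = :surname');
    $stmt->execute([':surname' => $surname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

print_r(findBySurname($pdo, "O'Baily"));
// A value shaped like SQL is bound as a plain string and compared literally
// against the column; it never changes the structure of the query.
print_r(findBySurname($pdo, "x' OR '1'='1"));
```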
