PDO execute($input_parameter) protects from sql injections as bindParam/bindValue?

余生分开走 2021-01-17 20:29

Does execute($input_parameter) protect from sql injections just like bindParam/bindValue?

If the answer is yes, bindParam()/bindValue

2 answers
  •  花落未央
    2021-01-17 20:58

    Yes, it does the same thing. I cannot say that it is invulnerable, because the underlying SQL engine could itself be vulnerable. But that really isn't in your hands anymore.

    So for all practical reasons, yes, it's safe.

    EDIT: Look at the PHP Documentation (1st and second example). One is with bindParam() and the other uses execute().
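
The comparison discussed above, as an added example that is not part of the original question or answer: the same constructed hostile string is passed through `execute()` with an array, through `bindValue()`, and through string concatenation. It assumes the `pdo_sqlite` extension is available; the `users` table, its rows and the function names are made up for the illustration.

```php
<?php
// Added example, not code from the original post.
// In-memory SQLite keeps it offline; table and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Parameters handed to execute(): sent as data, never parsed as SQL.
function viaExecute(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same query with an explicit bindValue() call and an explicit type.
function viaBindValue(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Unsafe form kept only for comparison: the input becomes part of the SQL text.
function viaConcatenation(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary name, one that rewrites a concatenated query.
$inputs = ['alice', "nobody' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "%-20s execute=%d bindValue=%d concatenation=%d\n",
        $input,
        count(viaExecute($pdo, $input)),
        count(viaBindValue($pdo, $input)),
        count(viaConcatenation($pdo, $input))
    );
}
```

The practical difference between the two safe forms is typing: values passed to `execute()` are all treated as `PDO::PARAM_STR`, while `bindValue()`/`bindParam()` let you state a type such as `PDO::PARAM_INT`. Neither form can bind identifiers such as table or column names.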
