Parameterized Queries

Question

I am currently learning parametrized queries as there are advantages to using them.

Could someone give some pointers by converting this block of code to a parametrized v

Answer 1

The general rule is: Every variable should be binded, no inline variables at all.

Technical details: http://php.net/manual/en/pdo.prepare.php

Answer 2

in your case there is no advantage, remember a parameterised query requires 2 calls to the db : one to setup the query template and parse, the other to populate the query template params and is typically used when looping. So in this instance you're better off calling a stored procedure (always the best choice) or using inline sql and making sure you use http://php.net/manual/en/function.mysql-real-escape-string.php when applicable.