I am currently learning parametrized queries as there are advantages to using them.
Could someone give some pointers by converting this block of code to a parametrized v
The general rule is: every variable should be bound, no inline variables at all.
Technical details: http://php.net/manual/en/pdo.prepare.php
In your case there is no advantage; remember a parameterised query requires 2 calls to the DB: one to set up the query template and parse, the other to populate the query template params, and it is typically used when looping. So in this instance you're better off calling a stored procedure (always the best choice) or using inline SQL and making sure you use http://php.net/manual/en/function.mysql-real-escape-string.php when applicable.
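The bind-every-variable rule from the answer that links to PDO::prepare, shown as an added example (not code from the thread or from the asker): the `users` table, its columns, the sample values and the helper `findByName()` are constructed for illustration. It assumes the pdo_sqlite extension so it runs without a server; the same PDO calls apply with a MySQL DSN.

```php
<?php
// Added example: schema, data and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, PDO::ATTR_EMULATE_PREPARES set to false makes the
// server itself parse the template instead of PDO emulating it.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Prepare once, execute many times: the looping case mentioned in the thread.
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
$rows = [
    ['Alice', 'alice@example.com'],
    ["O'Brien", 'obrien@example.com'],   // apostrophe needs no escaping
];
foreach ($rows as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Every value is bound; the SQL text never contains user input.
function findByName(PDO $pdo, string $name, string $orderBy = 'id'): array
{
    // Identifiers cannot be bound, so column names come from an allow-list.
    $allowed = ['id', 'name', 'email'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $stmt = $pdo->prepare(
        "SELECT id, name, email FROM users WHERE name = :name ORDER BY $orderBy"
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one legitimate name with a quote, one string containing
// SQL syntax. Both are compared as plain strings against the name column.
foreach (["O'Brien", "x' OR '1'='1"] as $input) {
    printf("%-16s -> %d row(s)\n", $input, count(findByName($pdo, $input)));
}
```

Values go through placeholders; anything that is not a value (column names, sort direction, table names) has to be checked against a fixed list, because placeholders cannot stand in for identifiers.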