I am venturing a little into PDO, still at the beginning, and I have a question about a query and SQL injection. Here it is:
$insert = "INSERT INTO tabela (campo1, campo2, campo3) VALUES (:valor1, :valor2, :valor3)";
$db = new db();
$db = $db->connect();
$stat1 = $db->prepare($insert);
// The array keys must match the placeholder names used in the SQL string.
$stat1->execute([
    ":valor1" => $valor1,
    ":valor2" => $valor2,
    ":valor3" => $valor3
]);
Would that be right? It's running smoothly, but is it safe?
Thank you very much, guys!
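The prepared-statement pattern from the question, as an added example that is not part of the original post: it runs the same INSERT against an in-memory SQLite database and checks that a value containing SQL metacharacters is stored as plain data. The SQLite DSN (used in place of the poster's `db` class), the `insertRow` helper and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Requires the pdo_sqlite extension.
// Table and column names follow the question; everything else is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface errors as exceptions
$db->exec('CREATE TABLE tabela (campo1 TEXT, campo2 TEXT, campo3 TEXT)');

// Hypothetical helper: the SQL text is fixed, only the values vary.
function insertRow(PDO $db, string $v1, string $v2, string $v3): void
{
    $stmt = $db->prepare(
        'INSERT INTO tabela (campo1, campo2, campo3) VALUES (:valor1, :valor2, :valor3)'
    );
    // Keys match the placeholder names in the SQL text.
    $stmt->execute([':valor1' => $v1, ':valor2' => $v2, ':valor3' => $v3]);
}

// Constructed input containing quote, semicolon and comment characters.
$hostile = "x'); DROP TABLE tabela; --";
insertRow($db, 'normal', $hostile, 'c');

// The bound value never becomes part of the SQL text, so the table is intact
// and the column holds the input exactly as it was supplied.
$stored = $db->query('SELECT campo2 FROM tabela')->fetchColumn();
$rows   = (int) $db->query('SELECT COUNT(*) FROM tabela')->fetchColumn();
echo 'stored verbatim: ', var_export($stored === $hostile, true), PHP_EOL;
echo 'rows in tabela: ', $rows, PHP_EOL;

// A key that names no placeholder in the SQL is rejected at execute() time
// instead of being silently ignored.
try {
    $stmt = $db->prepare('INSERT INTO tabela (campo1) VALUES (:valor1)');
    $stmt->execute([':campo1' => 'a']);
    echo 'mismatch accepted', PHP_EOL;
} catch (PDOException $e) {
    echo 'mismatch rejected: ', $e->getMessage(), PHP_EOL;
}
```

Placeholders only stand in for values; table and column names cannot be bound this way and have to come from fixed strings in the code.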