I'm venturing a bit into PDO, still at the beginning, and I have a question about SQL injection in a query. Here it is:
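$insert = "INSERT INTO tabela (campo1, campo2, campo3) VALUES (:valor1, :valor2, :valor3)";
$db = new db();
$db = $db->connect();
// Prepare the statement; the values are bound separately from the SQL text
$stat1 = $db->prepare($insert);
// The array keys must match the placeholder names used in the query
$stat1->execute([
    ":valor1" => $valor1,
    ":valor2" => $valor2,
    ":valor3" => $valor3
]);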
Would that be correct? It's running smoothly, but is it safe?
Thank you guys!
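
An added example, not part of the original post: the same INSERT run against an in-memory SQLite database, showing that a value containing SQL syntax is stored as plain data when it is bound, and that PDO rejects an `execute()` array whose keys do not match the placeholders. The SQLite connection, the `insertRow` helper and the sample input are assumptions made so the script runs offline; the post's own `db` class is not shown on the page.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the post's db class (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
// Throw PDOException on any error instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Note: SQLite prepares natively; on pdo_mysql, set PDO::ATTR_EMULATE_PREPARES
// to false if you want the server to do the preparing.
$db->exec('CREATE TABLE tabela (campo1 TEXT, campo2 TEXT, campo3 TEXT)');

// Hypothetical helper: placeholders in the SQL, values passed only via execute().
function insertRow(PDO $db, string $v1, string $v2, string $v3): void
{
    $stmt = $db->prepare(
        'INSERT INTO tabela (campo1, campo2, campo3) VALUES (:valor1, :valor2, :valor3)'
    );
    $stmt->execute([':valor1' => $v1, ':valor2' => $v2, ':valor3' => $v3]);
}

// Constructed input that would break out of a string literal if it were
// concatenated into the SQL text.
$hostile = "x'); DROP TABLE tabela; --";

insertRow($db, 'a', 'b', 'c');
insertRow($db, $hostile, 'b', 'c');

// The table still exists, holds both rows, and the hostile string is intact.
$rows = $db->query('SELECT campo1 FROM tabela')->fetchAll(PDO::FETCH_COLUMN);
echo 'rows stored: ', count($rows), "\n";
echo 'stored verbatim: ', var_export($rows[1] === $hostile, true), "\n";

// Keys that do not match the placeholder names are an error, not a silent no-op.
try {
    $stmt = $db->prepare('INSERT INTO tabela (campo1) VALUES (:valor1)');
    $ok = $stmt->execute([':campo1' => 'a']);
    echo 'mismatched keys accepted: ', var_export($ok, true), "\n";
} catch (PDOException $e) {
    echo 'mismatched keys rejected: ', $e->getMessage(), "\n";
}
```

Binding protects values only: table and column names cannot be sent as placeholders, so any identifier that varies at runtime has to be checked against a fixed list in code.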