<div>
<div class="content wysiwyg-content">
Simple question I am sure. &nbsp;<br />
<br />
Is this considered a prepared statement in SQL Server in PHP? &nbsp; Is this method the safest way when following the ideas of prepared statements for PHP in SQL Server?<br />
<br />

<pre><code id="code-10-28575454-1">$sql = &quot;SELECT * FROM table.toys WHERE Id= ? or Id= ?&quot;;
$params = array(3,5);//relative to the two ? above

$stmt = sqlsrv_query( $conn, $sql, $params);</code></pre>
</div>
</div>


Simple question I am sure.  

Is this considered a prepared statement in SQL Server in PHP?   Is this method the safest way when following the ideas of prepared statements for PHP in SQL Server?

(CODE)

sqlsrv_query considered prepared statement

Microsoft SQL Server 2008 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. Major improvements include the  Always On technologies and support for unstructured data types.

Microsoft SQL Server 2008

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.