I'm a newcomer to PDO and I want to better understand how PDO handles "escaping" characters that would otherwise prove problematic.
With mysqli, I've got a string that I'm getting ready to insert into my database and I would "prep" it using something like:
$headline = mysqli_real_escape_string($cxn, trim($_POST['name']));
With PDO, I'm thinking that functionality is being handled by the dynamic that's included with "bindValue"...
$mssql_stmt_11->bindValue(':headline', $headline, PDO::PARAM_STR);
If that's accurate, then what happens when you're using something like this:
$mssql_stmt_11=$mssql_pdo->prepare("insert into tmp_Results_1
$mssql_stmt_11->execute(array($series, $stat, $int_value, $int_stat, $project_name));
I really like the last example, just because there's a lot less "typing" and with that less opportunity to make a mistake, although you do need to keep close track of the order in which you document your variables.
But how is the data being "prepped?" With the "bindValue," it would appear it's occurring with the PDO::PARAM_STR (what do you call that by the way?). But how is it happening when you're using the question mark placeholder / array approach?
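An added example, not part of the original post, showing the two binding styles the question compares side by side. It assumes the pdo_sqlite extension so it runs without a server; the table, columns and input values are constructed for illustration.

```php
<?php
// Added example: table, columns and inputs are hypothetical / constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tmp_results (series TEXT, stat TEXT, int_value INTEGER)');

// Constructed input with characters that would break a concatenated query.
$series    = "O'Brien'); DROP TABLE tmp_results; --";
$stat      = 'avg "quoted" \\ backslash';
$int_value = 42;

// Style 1: positional placeholders, values handed to execute().
// PDO binds every array element as PDO::PARAM_STR, matched by array order.
$positional = $pdo->prepare(
    'INSERT INTO tmp_results (series, stat, int_value) VALUES (?, ?, ?)'
);
$positional->execute(array($series, $stat, $int_value));

// Style 2: named placeholders, with an explicit type chosen per value.
$named = $pdo->prepare(
    'INSERT INTO tmp_results (series, stat, int_value)
     VALUES (:series, :stat, :int_value)'
);
$named->bindValue(':series', $series, PDO::PARAM_STR);
$named->bindValue(':stat', $stat, PDO::PARAM_STR);
$named->bindValue(':int_value', $int_value, PDO::PARAM_INT);
$named->execute();

// In both styles the SQL text is fixed at prepare() time and the values
// travel as data, so nothing in $series is ever parsed as SQL.
$rows = $pdo->query('SELECT series, stat, int_value FROM tmp_results')
            ->fetchAll(PDO::FETCH_ASSOC);

foreach ($rows as $i => $row) {
    $intact = ($row['series'] === $series && $row['stat'] === $stat);
    printf("row %d stored unchanged: %s\n", $i + 1, $intact ? 'yes' : 'no');
}
printf("rows in table: %d\n", count($rows));

// Placeholders stand in for values only. Table and column names cannot be
// bound, so an identifier taken from user input must be checked against a
// fixed allow-list before it is placed in the SQL string.
$allowedColumns = array('series', 'stat', 'int_value');
$sortBy = in_array('stat', $allowedColumns, true) ? 'stat' : 'series';
$sorted = $pdo->query("SELECT series FROM tmp_results ORDER BY $sortBy");
printf("sorted query returned %d rows\n", count($sorted->fetchAll()));
```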