Possible duplicate:
Php PDO :: bindParam .. data types .. how does it work?
Say, for example, that I have the following prepared statement:
$sth = $dbh->prepare('SELECT `name` FROM `user` WHERE `user_id` = :user_id');
I could bind the user_id parameter as follows:
$sth->bindValue(':user_id', $user_id_value);
And I will still be safe from SQL injection.
However, bindValue() also has an optional parameter called data_type, which allows you to set an explicit data type. Example:
$sth->bindValue(':user_id', $user_id_value, PDO::PARAM_INT);
This allows me to indicate that user_id will be an integer.
: data_type bindValue, SQL ? ? , ? , ?
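The two bindValue() calls from the question, run side by side as an added example that is not part of the original post. It assumes PHP with the pdo_sqlite extension, an in-memory SQLite database standing in for the real one, and a hypothetical helper names_for(); the sample values are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the real database (assumption).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE `user` (`user_id` INTEGER PRIMARY KEY, `name` TEXT)');
$dbh->exec("INSERT INTO `user` (`user_id`, `name`) VALUES (1, 'alice'), (2, 'bob')");

/**
 * Hypothetical helper: run the question's query with $value bound to :user_id.
 * $type === null -> bindValue() without data_type (PDO::PARAM_STR is the default)
 * otherwise      -> bindValue() with the given PDO::PARAM_* constant
 */
function names_for(PDO $dbh, $value, ?int $type = null): array
{
    // The SQL text is fixed at prepare() time; only the bound value varies.
    $sth = $dbh->prepare('SELECT `name` FROM `user` WHERE `user_id` = :user_id');
    if ($type === null) {
        $sth->bindValue(':user_id', $value);
    } else {
        $sth->bindValue(':user_id', $value, $type);
    }
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs: an integer id, a numeric string,
// and a string shaped like an SQL fragment.
$samples = [1, '1', '1 OR 1=1'];

foreach ($samples as $value) {
    $label = var_export($value, true);
    printf("%-12s default:   %s\n", $label, json_encode(names_for($dbh, $value)));
    printf("%-12s PARAM_INT: %s\n", $label, json_encode(names_for($dbh, $value, PDO::PARAM_INT)));
}
```

How a non-numeric string is treated under PDO::PARAM_INT depends on the driver, so compare the two output lines per value on the driver you actually deploy.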