MySQL’s Shielded Data Transformation

There’s one big flaw in our previous MySQL insert statement: it’s open to SQL injection attacks. Prepared statements virtually eliminate that concern. You first tell the SQL server what you intend to do, and then you give it the data separately. For example, you can tell the server that you’re planning on inserting data. If someone sends a delete statement disguised as data in your insert statement, the server treats it as data to insert rather than as a command to run, so it does not have the effect it would have without prepared statements.

https://blog.devgenius.io/php-p85-mysql-insert-51a9e3bfedd3

https://medium.com/geekculture/cybersecurity-p9-sql-injections-471de647e8d7

Recap

Our Author class had an insert statement that accepted data and inserted it into the authors table.

<?php namespace