Prepared statements are "prepared" because you create markers (placeholders) for PDO to insert values into. These markers can be named (for example, :accountId, :url) or positional (in particular, a question mark, ?); with named markers PDO looks up each value by name, and with positional markers it inserts the values into the markers in order.
e.g.:
// The question mark is a positional placeholder; the value passed to
// execute() is bound to it as data, not spliced into the SQL text.
$query = "SELECT user_id FROM users WHERE username = ?";
$statement = $pdo->prepare($query);
$statement->execute(array("John Smith"));
Pay attention to the distinct absence of named parameters (in particular, using ? instead of :username); the positional style is used instead. Using one or the other is just a personal choice, although I believe that named parameters are clearer when debugging.
Anyway. This means that you do not need to do anything extra when using prepared statements, and you do not have to worry about SQL injection when using prepared statements.
Now, what really happens is that PDO asks the database driver (MySQL, PostgreSQL, MS SQL, Oracle, etc.) to prepare the statement, but if the database driver cannot prepare it, PDO will emulate this feature. This is where things start to get confusing, but you can safely forget about it and just remember to use prepared statements with parameters.
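The two placeholder styles side by side, as an added example that is not part of the original answer: it uses a constructed in-memory SQLite database (table and rows made up for illustration) so it runs offline, and turns off PDO's emulation so the driver prepares the statement itself.

```php
<?php
// Added example (not from the original answer): constructed in-memory SQLite
// database so it runs offline; the users table and its rows are made up.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask the driver to prepare natively instead of letting PDO emulate it
// (SQLite supports real prepared statements).
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT NOT NULL)");
$insert = $pdo->prepare("INSERT INTO users (username) VALUES (:username)");
foreach (['John Smith', 'Jane Doe'] as $name) {
    $insert->execute([':username' => $name]);
}

// Positional placeholder: values are bound by their order in the array.
function findByPositional(PDO $pdo, string $username): ?int {
    $stmt = $pdo->prepare("SELECT user_id FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Named placeholder: values are bound by name, which reads better when debugging.
function findByNamed(PDO $pdo, string $username): ?int {
    $stmt = $pdo->prepare("SELECT user_id FROM users WHERE username = :username");
    $stmt->execute([':username' => $username]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

var_dump(findByPositional($pdo, 'John Smith'));
var_dump(findByNamed($pdo, 'Jane Doe'));
// The bound value is always data, never SQL: a quote character in the input is
// compared literally against the usernames and simply matches nothing.
var_dump(findByNamed($pdo, "O'Brien"));
```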