It makes perfect sense to me to use prepared statements in a query of the following type:
$sqlQuery = "SELECT phone FROM contact WHERE name = ? ";
However, in the following situation, does it make sense and is it useful to use prepared statements, as sometimes seen?
$sqlQuery = "SELECT name FROM contact";
Thanks in advance
If you are running a query without any user-entered variables, you can just do:
$db->query("SELECT name FROM contact")
As soon as you start entering in user-inputted data, then you need to use a prepared statement.
$db->prepare("SELECT phone FROM contact WHERE name = ?");
Generally, prepared statements only need to be used when user input is concerned. It's perfectly fine to use them in situations when no user input is concerned as well - If you're using PDO you may find it more convenient to use the same PDO connection string and query process as before, as using a different function set would require you to reopen the connection.