PHP PDO: using bindParam selectively

$pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
$pdo->bindParam(1, $id);
$pdo->bindParam(2, $name);
$pdo->bindParam(3, $branch);
$pdo->execute();

So in this example I only need to really use bindParam on $branch because $name and $id have passed through a strict REGEX using preg_replace.

Is there a way to include these sanitised variables in the statement or any other way to shorten this code?

The short way would be:

$pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
$pdo->execute(array($id,$name,$branch));

If you ever wanted to bind parameters, replace the question marks with placeholders:

$pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (:id,:name,:branch)");
$pdo->bindParam(':id', $id);
$pdo->bindParam(':name', $name);
$pdo->bindParam(':branch', $branch);
$pdo->execute();
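Added example, not code from the original question or answer, bringing the question (can regex-checked values skip binding?) and the answer (pass everything through execute()) together: the named-placeholder form with every value bound, including the ones that already passed a regex check. The regex check stays as an input-validation step, but binding is what keeps the values out of the SQL text. It assumes the pdo_sqlite extension so it runs offline against an in-memory database; the table schema, the validation pattern and the sample rows are constructed here, and the function names are the example's own.

```php
<?php
// Added example (not from the original question or answer). Assumes pdo_sqlite
// is available; the table, the validation regex and the rows are constructed.

declare(strict_types=1);

// Whitelist check for a value the application treats as "already clean".
// This is input validation; it does not replace binding in insertAgent().
function isValidAgentName(string $name): bool
{
    return preg_match('/^[A-Za-z0-9 ]{1,64}$/', $name) === 1;
}

// Insert one agent row. Every value goes to execute() as a bound value,
// validated or not: PDO ships the values separately from the SQL text,
// so the statement never changes shape whatever the values contain.
function insertAgent(PDO $db, int $id, string $name, string $branch): void
{
    if (!isValidAgentName($name)) {
        throw new InvalidArgumentException("Rejected agent name: {$name}");
    }
    $stmt = $db->prepare(
        'INSERT INTO agents (Agent_ID, Agent_Name, Agent_Branch) VALUES (:id, :name, :branch)'
    );
    // Named placeholders plus an associative array: the shortest form that
    // still binds all three values.
    $stmt->execute([':id' => $id, ':name' => $name, ':branch' => $branch]);
}

function fetchAgents(PDO $db): array
{
    return $db->query('SELECT Agent_ID, Agent_Name, Agent_Branch FROM agents ORDER BY Agent_ID')
              ->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE agents (Agent_ID INTEGER PRIMARY KEY, Agent_Name TEXT NOT NULL, Agent_Branch TEXT NOT NULL)');

// Constructed sample rows. The third branch is ordinary data that contains a
// quote; because it is bound, it is stored literally and needs no escaping.
insertAgent($db, 1, 'Alice Smith', 'North');
insertAgent($db, 2, 'Bob Jones', 'South');
insertAgent($db, 3, 'Carol White', "O'Brien & Sons");

foreach (fetchAgents($db) as $row) {
    printf("%d | %s | %s\n", $row['Agent_ID'], $row['Agent_Name'], $row['Agent_Branch']);
}

// A name that fails the whitelist is rejected before any SQL is prepared.
try {
    insertAgent($db, 4, 'Dave_Evans!', 'East');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Run it with `php example.php`. The design point is that validation and binding answer different questions: the regex decides whether a value is acceptable business data, while the bound parameter decides how it reaches the database. Binding the validated values as well costs nothing in code length once the associative-array form is used, and it means a later change to the regex cannot quietly turn a value back into SQL.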