Is this all I need to protect myself from SQL injections etc.?
$statement = $db->prepare(
    "INSERT INTO blogs (blogtitle, blogdesc, coverimage, userID, frontpage, tags)
     VALUES (:buildtitle, :builddesc, :buildcover, :userid, :frontpage, :addtags)"
);
// Every value is bound as a parameter; nothing is concatenated into the SQL string.
if ($statement->execute(array(
    ':buildtitle' => $_POST['addbuildtitle'],
    ':builddesc'  => $_POST['addbuilddesc'],
    ':buildcover' => $_POST['addbuildcover'],
    ':userid'     => $_POST['adduserid'],
    ':frontpage'  => $frontpage,
    ':addtags'    => $_POST['addtags'],
))) {
    // Insert succeeded.
}
Anything else I should add, or any other type of malicious activity I should be aware of?
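As an added example (not the poster's code): the same insert with the points that parameter binding alone does not cover. The owner id comes from the server-side session instead of `$_POST['adduserid']`, inputs are validated, and stored text is escaped when rendered as HTML. The `saveBlog` function, the session array, the length limit, the file-name pattern and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
declare(strict_types=1);
// Insert a blog row: values are bound (SQL injection), the owner comes from the
// session rather than the form (authorization), and inputs are validated.
function saveBlog(PDO $db, array $post, array $session, bool $frontpage): void
{
    if (!isset($session['user_id'])) {
        throw new RuntimeException('not logged in');
    }
    $title = trim((string)($post['addbuildtitle'] ?? ''));
    $cover = (string)($post['addbuildcover'] ?? '');
    if ($title === '' || strlen($title) > 200) {                        // assumed limit
        throw new InvalidArgumentException('invalid title');
    }
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(png|jpe?g|gif)\z/', $cover)) { // assumed format
        throw new InvalidArgumentException('invalid cover image name');
    }
    $statement = $db->prepare(
        'INSERT INTO blogs (blogtitle, blogdesc, coverimage, userID, frontpage, tags)
         VALUES (:buildtitle, :builddesc, :buildcover, :userid, :frontpage, :addtags)'
    );
    $statement->execute([
        ':buildtitle' => $title,
        ':builddesc'  => (string)($post['addbuilddesc'] ?? ''),
        ':buildcover' => $cover,
        ':userid'     => (int)$session['user_id'],   // never $_POST['adduserid']
        ':frontpage'  => $frontpage ? 1 : 0,
        ':addtags'    => (string)($post['addtags'] ?? ''),
    ]);
}

// Constructed demo: in-memory SQLite, a fake session and a hostile form post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blogs (blogtitle TEXT, blogdesc TEXT, coverimage TEXT,
           userID INTEGER, frontpage INTEGER, tags TEXT)');
saveBlog($db, [
    'addbuildtitle' => "x'); DROP TABLE blogs;--",
    'addbuilddesc'  => '<script>alert(1)</script>',
    'addbuildcover' => 'cover.png',
    'adduserid'     => '1',              // forged owner id, ignored
    'addtags'       => 'php,pdo',
], ['user_id' => 7], false);

// The payloads were stored as plain data; escape them when rendering into HTML.
$e = fn($s): string => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
foreach ($db->query('SELECT blogtitle, blogdesc, userID FROM blogs') as $row) {
    printf("%s | %s | owner=%d\n", $e($row['blogtitle']), $e($row['blogdesc']), $row['userID']);
}
```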