some user inputs to assign values to the query.
$builder_name = $_POST['name'];
$builder_city = $_POST['city'];
$builder_address = $_POST['address'];
$builder_contact = $_POST['contact'];
$builder_fax = $_POST['fax'];
i have this insert query in my script .
$query = "INSERT INTO builders SET builder_name='".$builder_name."', builder_city='".$builder_city."',builder_address='".$builder_address."',builder_phone='".$builder_contact."',builder_fax='".$builder_fax."',builder_logo='".$targetfile."'";
i want to secure it with prepare statement.so how can i ?
