Are PDO Prepared Statements Enough to Prevent SQL Injection in PHP? | CodeTrail