Updating into string function mssql
If no variables are going to be used in the query, you can use the PDO::query() method.
It will run your query and return special object of PDOStatement class which can be roughly compared to a resource, returned by function and thrown into the harsh world of Data Objects: PDO has prepared statements support out of the box.
It is slightly faster than performing the same query again and again, as it does query parsing only once.
So you can tell that as long as your data can be represented in the query as a numeric or a quoted string literal - it can be bound.
We have seen this function already, but let's take a closer look.
It fetches a single row from database, and moves the internal pointer in the result set, so consequent calls to this function will return all the resulting rows one by one.
Please note that positional placeholders let you write shorter code, but are sensitive to the order of arguments (which have to be exactly the same as the order of the corresponding placeholders in the query).
While named placeholders make your code more verbose, they allow random binding order.