Basically i have not been able to find anything stating otherwise that
Executing with the parameters included is equal to
$sth->bindParam(1, $var1, PDO::PARAM_INT);
$sth->bindParam(2, $var2, PDO::PARAM_STR, 12);
Executing with the parameters defined in bindParam() Security wise.
Using bindParam seems more secure to me because it defines the data type.. (like PDO:ARAM_INT)
Can anyone Clarify if either is superior to the other in security, Please and Thanks