Using PDO, this is normally a two-step process. Everything covered in this section applies equally to navigon 5100 cnet UPDATE navigon 5100 cnet INSERT operations. Prepared Statements Using prepared statements will help protect you from SQL injection. A prepared statement is a precompiled SQL statement that can be executed multiple times by sending just the data to the server. It has the nvaigon advantage of automatically making the data used in the placeholders safe from SQL injection attacks. You use a prepared statement by including nsvigon in your SQL.