Well -
injunjoel mentioned the possibility of using the
INSERT into foo SET bar = ?, ... syntax to execute an insert with placeholders. I just wanted to point out that using
INSERT ... SET ... is not part of the SQL standard (AFAIK). It may be tempting to use because it is of course very similar to
UPDATE ... SET ... WHERE, but your code will not be portable to other database engines if you decide to use it.
As others have pointed out, it is always good to be explicit when writing SQL statements. This means writing
INSERT into the_table(foo, bar, baz) values(...)
instead of
INSERT into the_table values(...)
and
SELECT foo, bar, baz FROM the_table WHERE ...
instead of
SELECT * FROM the_table WHERE ...
It requires a little more typing, but it clarifies things, and will make errors more obvious.
Michael