Great thanks to all the replies. I had no idea using placeholders helps in preventing SQL-injection. Will always use that method from now on.