What are the advantages of using prepared statements over direct SQL queries in PHP for database operations?

Using prepared statements in PHP for database operations provides several advantages over direct SQL queries. Prepared statements help prevent SQL injection attacks by separating SQL logic from user input. They also improve performance by allowing the database to optimize the query execution plan. Additionally, prepared statements make it easier to reuse and maintain SQL queries in your code.

// Using prepared statements in PHP for database operations
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();
$results = $stmt->fetchAll();