Leaderboard

It's a prepared statement, hence the prepare() method called on the $connection object. It's the correct way to run a query in PHP these days, so well done! In the SQL statement passed to the prepare() method, the `:username`, `:emailbox`, and `:passwordbox` are placeholders in the query. When you pass an array to execute(), that array contains the values to use in those placeholders, so the ':username', ':emailbox', and ':passwordbox' there are keys for the array so that SQL knows which value to plug in to each placeholder. Basically, using prepared statements blocks a potential avenue that hackers can use to attack your database or get your data. There are other benefits to prepared statements, but that's kind of the biggest and more pertinent for most systems.