I use a similar algorithm, but only with authenticated users (like an admin) and never with public-facing pages... NEVER TRUST unauthenticated input. That said, here is how I programmatically create the binder for the placeholders.
// $DB is an existing PDO connection, $query the SQL with positional (?)
// placeholders, and $bind either a single scalar or an array of values.
try {
    $stmt = $DB->prepare($query);
    if ($bind !== null) {
        if (is_array($bind)) { // multiple binders: positional params are 1-based
            $cnt = count($bind);
            for ($i = 0; $i < $cnt; $i++) {
                $stmt->bindParam($i + 1, $bind[$i]);
            }
        } else { // single binder
            $stmt->bindParam(1, $bind);
        }
    }
    if ($stmt->execute()) {
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            // process $row
        }
    }
} catch (PDOException $e) {
    // log or rethrow; never echo driver errors to the client
}
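The same idea, worked through end to end as an added example (not the poster's code): the placeholder list is generated from the number of values, every value is bound as data, and the one thing PDO cannot bind, the column identifier, is checked against an allow-list instead of being interpolated. It assumes the `pdo_sqlite` extension and uses an in-memory table with constructed rows; the function name `findByColumnIn` and the table `users` are invented for the example.

```php
<?php
// Added example, not code from the original post. Requires pdo_sqlite.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // let the driver prepare

// Constructed sample data for the example.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$seed = $db->prepare('INSERT INTO users (id, name, role) VALUES (?, ?, ?)');
foreach ([[1, 'alice', 'admin'], [2, 'bob', 'user'], [3, "o'neil", 'user']] as $row) {
    $seed->execute($row);
}

/**
 * Build "WHERE <column> IN (?, ?, ...)" with one positional placeholder per
 * value. $column is validated against an allow-list because identifiers
 * cannot be bound as parameters; the values themselves are always bound.
 */
function findByColumnIn(PDO $db, string $column, array $values): array
{
    static $allowed = ['id', 'name', 'role']; // hypothetical allow-list
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    if ($values === []) {
        return []; // "IN ()" is a syntax error, so short-circuit
    }
    // Re-index so array positions line up with the generated placeholders.
    $values = array_values($values);
    $placeholders = implode(', ', array_fill(0, count($values), '?'));
    $stmt = $db->prepare("SELECT id, name, role FROM users WHERE $column IN ($placeholders)");

    // Positional parameters are 1-based. bindValue (not bindParam) because
    // we are binding loop values, not references that must stay live.
    foreach ($values as $i => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($i + 1, $value, $type);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal use: two ids, two placeholders.
print_r(findByColumnIn($db, 'id', [1, 3]));

// A hostile-looking value is bound as data: it matches no row instead of
// altering the query, while the legitimate quoted name still matches.
print_r(findByColumnIn($db, 'name', ["' OR 1=1 --", "o'neil"]));

// An identifier from an untrusted source is rejected, not interpolated.
try {
    findByColumnIn($db, 'role; DROP TABLE users', ['admin']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allow-list is the part people forget: placeholders protect values, but a column or table name that comes from a request (even an admin's request) still has to be matched against a fixed set of known identifiers before it goes into the SQL string.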