What are Prepared Statements and how to use them. Today we will learn how to connect to our database using Prepared Statements, which is also a better method of preventing SQL injection. The basic idea behind Prepared Statements, is to create placeholders in our SQL statements when we send them to our database. Then later we fill in the placeholders with parameters that the user send from a form.