$pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
$pdo->bindParam(1, $id);
$pdo->bindParam(2, $name);
$pdo->bindParam(3, $branch);
$pdo->execute();
So in this example I only need to really use bindParam on $branch because $name and $id have passed through a strict REGEX using preg_replace.
Is there a way to include these sanitised variables in the statement or any other way to shorten this code?