In their explanations of PDO, I often see informed writers offer example like these two. The first one uses a simple POST in the bindParam and the second assigns it to a variable first. Before I go about swapping out this old Adobe code for PDO, I'd like to know if one is preferable over the other, i.e. more secure or something else.
$stmt = $con->prepare("SELECT whatever FROM whatever WHERE AuthorEmail=:id");
$stmt->bindParam(':id', $_POST['AuthorEmail'], PDO::PARAM_STR);
$AuthorEmail = $_POST['AuthorEmail'];
$stmt = $con->prepare("SELECT whatever FROM whatever WHERE AuthorEmail=:id");
$stmt->bindParam(':id', $AuthorEmail, PDO::PARAM_STR);
