这是我需要保护自己免受sql注射等吗?
$statement = $db->prepare(
"INSERT INTO blogs (blogtitle, blogdesc, coverimage, userID, frontpage, tags)
VALUES (:buildtitle, :builddesc, :buildcover, :userid, :frontpage, :addtags)"
);
if ($statement->execute(array(
':buildtitle' => $_POST['addbuildtitle'],
':builddesc' => $_POST['addbuilddesc'],
':buildcover' => $_POST['addbuildcover'],
':userid' => $_POST['adduserid'],
':frontpage' => $frontpage,
':addtags' => $_POST['addtags'])));
我应该添加的任何其他内容或我应该注意的任何其他类型的恶意活动?