Hi,

The simple answer to this question is NO. Parameterized or prepared statements are usually good enough to prevent SQL injection, but not fully. If you do not set the character encoding...