Does using prepared statements in Zend_DB or Doctrine protect me from SQL injection?

Example:

[code]
$stmt = $db->prepare('SELECT * FROM users WHERE name = ? AND password = ?');
// Bound values are passed to execute() as a single array
$stmt->execute(array('peter', 'secret'));
$rs = $stmt->fetchAll();
[/code]

Or do I have to check strings and types myself?

Another quickie: Which of the two is best? I only need the DB abstraction (w/ statements, procedures, and transactions).