php pdo: bindValue or BindParam doesn't modify the prepared statement

[DutchOwnage]

Using latest php in order to create a function that adds a row to table user.\[code\]class targil_db { private $_pdo; public function __construct() { // username: root password: <blank> database: targil $this->_pdo = new PDO( 'mysql:host=127.0.0.1;dbname=targil', 'root', '' ); }function addUser($username, $password) { $md5password = md5($password); $sql = <<<SQL "INSERT INTO user (username,password) VALUES username,assword)"SQL; $stmt = $this->_pdo->prepare($sql); $stmt->bindValue(':username', $username,PDO:ARAM_STR); $stmt->bindValue('assword', $password,PDO:ARAM_STR); $stmt->execute();}}\[/code\]when i execute the addUser function, this is the query that i see executed on the mysql log file: \[code\]INSERT INTO user (username,password) VALUES username,assword)\[/code\]as you can see it did not replace the :varname into the proper value.what am i missing ?I tried both bindValue and bindParam but i got the same results.thanksupdateeven when i change \[code\]:username\[/code\] and \[code\]assword\[/code\] to \[code\]?,?\[/code\] and i use\[code\]bindValue(1,$username)\[/code\] and \[code\]bindValue(2,$password)\[/code\] i get the same results.the query that get executed actually still has \[code\]?,?\[/code\] in it instead of the actual variables.