Hi everyone,
pretty straightforward question, does anybody know if the function "$DB->execute()" use prepared statements, or i have to provide a query already prepared?
It would be a very rare situation in which you should be using $DB->execute() in Moodle, as there are almost certainly better DB functions you should be using instead.
If you really need to use $DB->execute(), then, as with all Moodle DB calls, you should make sure your table names are surrounded by {} (so that Moodle can automatically insert the correct prefix, e.g. 'mdl_' into the name) and all parameters should be passed in as an array (the second param to $DB->execute) - see https://docs.moodle.org/dev/Data_manipulation_API#Placeholders for more details.
i have a query can i used $DB->query to execute select statement