First, the simple stuff...
After calling prepare() on a statement with placeholders:
$sth = $dbh->prepare("select * from table where k1=? and k2=?");
Values need to be assigned (‘bound’) to each placeholder before the database can execute the statement
Either at execute, for simple cases:
or before execute:
$sth->bind_param(1, $p1);
$sth->bind_param(2, $p2);
$sth->execute;
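
Both ways of binding, side by side, as an added example that is not part of the original slides. It assumes DBD::SQLite is installed; the in-memory database, the table t, its rows and the two helper subs are constructed for illustration.

```perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Assumption: DBD::SQLite is available. Table t and its rows are constructed sample data.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("create table t (k1 text, k2 integer, v text)");
$dbh->do("insert into t values (?, ?, ?)", undef, @$_)
    for ( ['a', 1, 'first'], ['a', 2, 'second'], ['b', 1, 'third'] );

my $sth = $dbh->prepare("select v from t where k1=? and k2=?");

# Form 1: pass the values to execute(), in placeholder order.
sub lookup_at_execute {
    my ($p1, $p2) = @_;
    $sth->execute($p1, $p2);
    return map { $_->[0] } @{ $sth->fetchall_arrayref };
}

# Form 2: bind each placeholder by position (1-based), then execute.
# bind_param also accepts an optional type hint as a third argument.
sub lookup_bind_first {
    my ($p1, $p2) = @_;
    $sth->bind_param(1, $p1);
    $sth->bind_param(2, $p2, SQL_INTEGER);
    $sth->execute;
    return map { $_->[0] } @{ $sth->fetchall_arrayref };
}

print "execute:    ", join(",", lookup_at_execute('a', 2)), "\n";
print "bind_param: ", join(",", lookup_bind_first('b', 1)), "\n";

# A bound value is sent as data, never parsed as SQL, so a value
# containing quote characters is compared literally and matches no row.
my @rows = lookup_at_execute("a' or '1'='1", 1);
print "quoted input matched ", scalar(@rows), " rows\n";

# Supplying the wrong number of values is an error, not a silent NULL.
eval { $sth->execute('a') };
print "short bind list rejected: ", ($@ ? "yes" : "no"), "\n";

$dbh->disconnect;
```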