How do prepared statements help prevent SQL injection attacks?
1) Query parameters are sent in the body of a POST request
2) Queries are appended with an authorization token
3) Query language is kept separate from user supplied data
4) Queries submitted by users are HTML entity encoded