query($query); // good, use prepare statement to minimize chance of sql injection // $query = "SELECT * FROM person WHERE name = :name"; // $statement = $db->prepare($query); // $statement->bindValue(':name', $name); // $statement->execute(); $results = $statement->fetchAll(); $statement->closecursor(); return $results; }