query($query); // good, use prepare statement to minimize chance of sql injection $query = "SELECT * FROM person WHERE name = :name"; $statement = $db->prepare($query); $statement->bindValue(':name', $name); $statement->execute(); $results = $statement->fetchAll(); $statement->closecursor(); return $results; }