DBStatement<a> prepare(DBHandle<a> con, String query)
con: The database connection
query: The query template. This may contain replacement characters at some places (consult the manual for the specific database to find out what replacement syntax should be used) which will be replaced with variables in the execPrepared function.
Prepare a database query. Prepared queries can then be executed later, using a parameter-replacement method that generally avoids SQL injection attacks.
st = prepare(con,"SELECT * FROM Users WHERE username = $1");