Prepared Statements, Blind SQL injection e SQL Injection