I wanted to know if, based on your experience, you could tell me if this query is safe against code injection.
$sql='UPDATE mano_de_obra SET
detalle=:detalle,monto=:monto,usuario=:usuario
WHERE proforma = :proforma AND codigo_auto=:codigo_auto';
$row=$this->pdo->prepare($sql)
->execute(array(
':proforma' =>$this->datos[0],
':codigo_auto' =>$this->datos[1],
':monto' =>$this->datos[2],
':detalle' =>$this->datos[3],
':usuario' =>$this->usuario));
header("location: crear-facturas-venta.php?prof=".$this->datos[0]."");
exit;