posted 8 years ago
Database
Last updated 1 year ago.
0

Hey,

that's actually absolutely correct. That's a feature called "Prepared Statements". Basically what's happening is there is a placeholder set in the query string (the question mark) and the query you are seeing is being "prepared" (so it says "Hey SQL, there will be this query but I don't know all the values yet. I'll just tell you where to put them later and as soon as I know them you can execute the queries with the values. All those values should NOT be SQL so just treat them as strings please!").

This is a big security factor since the values of those placeholders get treated as strings (or numbers or bools) but never as SQL code which might change your query in a malicious way.

As soon as you execute the query (with get() or first() for example) all the placeholders automatically get replaced by the values you set for them in your where() methods.

0
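The behaviour described in the reply above, as an added example that is not part of the original post: plain PDO against an in-memory SQLite database stands in for what the query builder does underneath. The `users` table, the input values and both function names are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs, plain PDO on in-memory SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (email, role) VALUES
    ('alice@example.test', 'admin'),
    ('bob@example.test', 'member')");

// Constructed input: a value that happens to contain SQL syntax.
$input = "nobody@example.test' OR '1'='1";

/** Bound version: the query text is fixed, the value travels separately. */
function findByEmailBound(PDO $pdo, string $email): array
{
    // The statement is prepared with the placeholder still in it.
    $stmt = $pdo->prepare('select * from users where email = ?');
    // The value is supplied only at execute time and is compared as data.
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Concatenated version, for contrast only: the value becomes part of the SQL text. */
function findByEmailConcatenated(PDO $pdo, string $email): array
{
    $sql = "select * from users where email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$bound  = findByEmailBound($pdo, $input);
$concat = findByEmailConcatenated($pdo, $input);

printf("bound placeholder:    %d row(s)\n", count($bound));
printf("string concatenation: %d row(s)\n", count($concat));

// A legitimate value containing a quote needs no escaping when it is bound.
$insert = $pdo->prepare('INSERT INTO users (email, role) VALUES (?, ?)');
$insert->execute(["o'brien@example.test", 'member']);
printf("quote-containing value found: %d row(s)\n",
    count(findByEmailBound($pdo, "o'brien@example.test")));
```

With the bound statement the whole input is compared against the `email` column as one string, so it matches no row; in the concatenated query the same input changes the `where` clause and every row comes back.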
