mysql: PHP code to insert the phone number and the IP address in a table if it is not already present

I am currently coding a php script that connects to a database and inserts a phone number and an IP address if any of the elements is not present in the table. I think I have completed it and it is working, but I want to make sure that I have used the best security practices. I have read here how to connect to mysql and consult it using a PDO and a prepared statement. I also read in the stack overflow that I had a fantastic explanation on how to do this, however, now it has some years.

I would like to know if my code follows current best practices and is safe against SQL injection. I'm new to php and mysql, so all help is welcome, even if it's just a link to a useful page.

yes (isset ($ _ POST['submit']))
{
//user data
$ name = $ _REQUEST['fullname'];
$ numeros = $ _REQUEST['number'];
$ bedrooms = $ _REQUEST['bedrooms'];
$ date = $ _REQUEST['date'];
$ movingFrom = $ _REQUEST['from-postcode'];
$ movingTo = $ _REQUEST['to-postcode'];
$ typeOfJob = $ _REQUEST['typeOfJob'];
$ additionalInfo = $ _REQUEST['message'];
$ ip = $ _SERVER['REMOTE_ADDR'];
$ id = NULL;
// connection variables
$ host = & # 39; localhost & # 39 ;;
$ user = & # 39; root & # 39 ;;
$ pass = & # 39; & # 39 ;;
$ db = & # 39; search & # 39 ;;
$ chset = & # 39; utf8mb4 & # 39 ;;
$ dns = "mysql: dbname = $ db; host = $ host; charset = $ chset";
$ options = [
PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES   => false,
];

try {
// Try to create a new PDO object and pass the vars
$ connection = new DOP ($ dns, $ user, $ pass, $ options);

// prepare the database for data and executions
$ stmt = $ connection-> prepare ("SELECT id, numbers, ip FROM numbers");
$ stmt-> execute ();

// Go through the table and check the numbers and the ips
// If present, set var to true and break loop
$ present = false;
foreach ($ stmt-> fetchAll () as $ k => $ v)
{
yes ($ v['ip'] == $ ip or $ v['numbers'] == $ numbers)
$ present = true;
break;
}
// If the data is present, I will be redirecting and informing the user.
yes ($ present)
{
// ALL: send to different pages
"present" echo;
}
// Insert the data in the table.
plus
{
$ sql = "INSERT INTO numbers (id, numbers, ip) VALUES (NULL, & # 39; $ numbers & # 39 ;, & # 39; $ ip & # 39;)";
$ stmt = $ connection-> prepare ($ sql);

$ stmt-> bindParam (& # 39 ;: id & # 39 ;, $ id);
$ stmt-> bindParam (& # 39 ;: numbers & # 39 ;, $ numbers);
$ stmt-> bindParam (& # 39 ;: ip & # 39 ;, $ ip);
$ stmt-> execute ();
echo "woohoo";
}
} catch (PDOException $ e) {
echo & # 39; Exception captured: & # 39 ;, $ e-> getMessage (), " n";
}

There is more code in the if statement, but it is irrelevant here as it is for the html.

Thank you