>>12
Well, they do actually support prepared statements.
Though just saying it like that might be a bit nice to them, in that it sounds like the language might actually have one well-thought-out, useful feature that doesn't encourage buggy, unmaintainable code by design.
Well, perish the thought. See if you can spot the amazingly retarded API design in the following snippet from their manual pages:
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);
$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;
/* execute prepared statement */
$stmt->execute();
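
Added example, not part of the post above or of the PHP manual: bind_param() takes its variables by reference, so the values sent are whatever those variables hold when execute() runs, which is why the manual snippet can assign them after binding. The code below shows the same by-reference semantics with PDO's bindParam() next to the by-value bindValue(); PDO with in-memory SQLite is an assumed stand-in for mysqli so it runs without a server, and the sample rows are constructed.

```php
<?php
// Stand-in for the mysqli connection: PDO + in-memory SQLite (assumption, runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CountryLanguage (code TEXT, language TEXT, official TEXT, percent REAL)');

$sql = 'INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)';

// By reference: bind once, before the variables hold any data.
$byRef = $pdo->prepare($sql);
$byRef->bindParam(1, $code);
$byRef->bindParam(2, $language);
$byRef->bindParam(3, $official);
$byRef->bindParam(4, $percent);

// Constructed sample rows. Each execute() reads the variables as they are
// at that moment, so one binding serves every iteration.
$rows = [
    ['DEU', 'Bavarian', 'F', 11.2],
    ['DEU', 'Swabian',  'F', 9.4],
];
foreach ($rows as $row) {
    [$code, $language, $official, $percent] = $row;
    $byRef->execute();
}

// The flip side: anything that reassigns a bound variable between bind and
// execute changes what gets stored, even far away from the bind call.
[$code, $language, $official, $percent] = ['FRA', 'Breton', 'F', 1.0];
$language = 'Occitan';            // later code touches the bound variable
$byRef->execute();                // row is stored with 'Occitan'

// By value: the value is copied at bind time; later assignments are ignored.
$byVal = $pdo->prepare($sql);
$language = 'Breton';
$byVal->bindValue(1, 'FRA');
$byVal->bindValue(2, $language);  // copy of 'Breton' taken here
$byVal->bindValue(3, 'F');
$byVal->bindValue(4, 1.2);
$language = 'Occitan';            // no effect on the statement
$byVal->execute();                // row is stored with 'Breton'

// Show what actually reached the table.
foreach ($pdo->query('SELECT code, language, percent FROM CountryLanguage') as $r) {
    printf("%s %s %s\n", $r['code'], $r['language'], $r['percent']);
}
```

With mysqli itself, PHP 8.1 and later also let execute() take an array of values, which avoids the reference binding altogether.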