Kamil has been working on a proof of concept for a
`mysqli_execute_query($sql, $params)` function, and I've written up a draft
RFC for it:


It's continuing the work Kamil has done with the "mysqli bind in execute"
RFC [1], to make parameterised MySQLi queries even easier, by creating a
single function that takes the SQL and Parameters and
returns mysqli_result|false.

While this can be implemented in userland, the focus is on trying to make
parameterised queries as easy as possible, so developers are less
likely to use risky escaping.


[1] https://wiki.php.net/rfc/mysqli_bind_in_execute

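A sketch of the userland version the message mentions, next to the escaping pattern it is meant to displace. This is an added example, not code from the RFC or from Kamil's proof of concept; the helper name `userland_execute_query`, the `users` table and its columns are assumptions, and it needs PHP 8.1+ with the mysqlnd driver.

```php
<?php
declare(strict_types=1);

// Hypothetical userland helper (illustration only, not the RFC's implementation).
// Assumes PHP 8.1+, where mysqli_stmt::execute() accepts a parameter array,
// and the mysqlnd driver, which provides mysqli_stmt::get_result().
function userland_execute_query(mysqli $db, string $sql, ?array $params = null): mysqli_result|bool
{
    // With MYSQLI_REPORT_STRICT (the PHP 8.1 default) failures throw
    // mysqli_sql_exception; the false checks cover the non-throwing modes.
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if (!$stmt->execute($params)) {
        return false;
    }
    $result = $stmt->get_result();
    if ($result === false) {
        // No result set: either a successful INSERT/UPDATE/DELETE (errno 0)
        // or a real failure. This sketch reports success as true.
        return $stmt->errno === 0;
    }
    return $result;
}

// Constructed usage against an assumed table users(id INT, name VARCHAR).
function find_user_escaped(mysqli $db, string $id): mysqli_result|bool
{
    // Escaping pattern: only safe inside a quoted string literal. Here the
    // value lands in a numeric context, so escaping does not constrain it.
    return $db->query('SELECT name FROM users WHERE id = ' . $db->real_escape_string($id));
}

function find_user_parameterised(mysqli $db, string $id): mysqli_result|bool
{
    // The value travels separately from the SQL text and is never parsed as SQL.
    return userland_execute_query($db, 'SELECT name FROM users WHERE id = ?', [$id]);
}
```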