It’s definitely good practice to use prepared statements for SQL queries. Among other things, they eliminate SQL injection without the need to escape data. For PHP and MySQL, mysqli prepared statements are probably the most common prepared-statement solution. But I don’t like one of their aspects.
[...]