Hi,

Kamil has been working on a proof of concept for a `mysqli_execute_query($sql, $params)` function, and I've written up a draft RFC for it:

https://wiki.php.net/rfc/mysqli_execute_query

It's continuing the work Kamil has done with the "mysqli bind in execute" RFC [1], to make parameterised MySQLi queries even easier, by creating a single function that takes the SQL and Parameters and returns mysqli_result|false.

While this can be implemented in userland, the focus is on trying to make parameterised queries as easy as possible, so developers are less likely to use risky escaping.

Craig

[1] https://wiki.php.net/rfc/mysqli_bind_in_execute
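
The userland equivalent mentioned in the message above, shown next to an escaped query, as an added example that is not part of the original email, the RFC, or the proof of concept. The helper name `execute_query_userland`, the `users` table, the sample input and the `DB_*` environment variables are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the RFC or Kamil's proof of concept.
// Needs PHP 8.1+ (execute() accepting an array) and mysqlnd (get_result()).
mysqli_report(MYSQLI_REPORT_OFF); // mysqli errors return false, not exceptions

/**
 * Hypothetical userland helper: prepare, bind and execute in one call.
 * Meant for result-set queries: returns mysqli_result, or false on failure.
 */
function execute_query_userland(mysqli $db, string $sql, ?array $params = null): mysqli_result|false
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    // Parameters are sent separately from the SQL text and bound as strings.
    if (!$stmt->execute($params)) {
        return false;
    }
    return $stmt->get_result();
}

// Connection settings are assumptions, read from the environment.
$db = new mysqli(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_USER') ?: 'root',
    getenv('DB_PASS') ?: '',
    getenv('DB_NAME') ?: 'test'
);
if ($db->connect_errno) {
    exit("Connection failed: {$db->connect_error}\n");
}

// Constructed sample data in a temporary table.
$db->query('CREATE TEMPORARY TABLE users (id INT, name VARCHAR(50))');
$db->query("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

$input = '0 OR 1=1'; // constructed input for a numeric context

// Escaping: nothing in the input needs escaping and the value is unquoted,
// so the input becomes part of the WHERE clause itself.
$escaped = $db->query('SELECT name FROM users WHERE id = ' . $db->real_escape_string($input));

// Parameterised: the same input can only ever be compared to id as a value.
$bound = execute_query_userland($db, 'SELECT name FROM users WHERE id = ?', [$input]);

printf("escaped: %d row(s), parameterised: %d row(s)\n", $escaped->num_rows, $bound->num_rows);
```

Because `get_result()` also returns false for statements that produce no result set, this sketch is suited to `SELECT`-style queries only.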