Hi Craig,

> https://wiki.php.net/rfc/mysqli_execute_query

Thanks. Maybe add (or even start with) an example of mysqli_query(), to show how "migrating to safer" would become easier? Retro-fitting your example of parameterised query:

```
$sql_format = "SELECT * FROM user WHERE name LIKE %s AND type IN (%s, %s)";
/* ... */
$sql_raw = vsprintf($sql_format, array_map(fn ($s) => "'" . $db->real_escape_string($s) . "'", [$name, $type1, $type2]));
foreach ($db->query($sql_raw) as $row) {
    print_r($row);
}
```

Regards,

--
Guilliam Xavier
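The "before" and "after" that the reply asks for, side by side, as an added example (not code from the mailing-list post or from the RFC). It assumes a `mysqli` connection `$db` with its charset already set, a `user` table with `name` and `type` columns, and untrusted input in `$name`, `$type1` and `$type2`; the function names are invented for illustration.

```php
<?php
// Added example, not from the original post. Both functions run the same query;
// only the way user-supplied values reach the SQL text differs.

// Legacy style: mysqli::query() with manual escaping. Every value has to be run
// through real_escape_string() AND wrapped in quotes by hand; forgetting either
// step for one placeholder is what turns this into an injection bug. The escaping
// is also only correct for the charset the connection was configured with
// (mysqli::set_charset()), which is a second thing that can silently go wrong.
function findUsersEscaped(mysqli $db, string $name, string $type1, string $type2): array
{
    $sql_format = "SELECT * FROM user WHERE name LIKE %s AND type IN (%s, %s)";
    $sql_raw = vsprintf($sql_format, array_map(
        fn ($s) => "'" . $db->real_escape_string($s) . "'",
        [$name, $type1, $type2]
    ));

    $result = $db->query($sql_raw);
    if ($result === false) {
        throw new RuntimeException("query failed: " . $db->error);
    }
    return $result->fetch_all(MYSQLI_ASSOC);
}

// Parameterised style: mysqli::execute_query() (PHP 8.2+, the RFC linked above).
// The SQL text is fixed and the values travel separately to the server, so there
// is nothing to escape or quote, and the charset caveat above disappears.
function findUsersParameterised(mysqli $db, string $name, string $type1, string $type2): array
{
    $sql = "SELECT * FROM user WHERE name LIKE ? AND type IN (?, ?)";
    $result = $db->execute_query($sql, [$name, $type1, $type2]);
    if ($result === false) {
        throw new RuntimeException("query failed: " . $db->error);
    }
    return $result->fetch_all(MYSQLI_ASSOC);
}

// Usage (assumes $db is an open mysqli connection):
// $db = new mysqli('localhost', 'app', 'secret', 'appdb');
// $db->set_charset('utf8mb4');
// print_r(findUsersParameterised($db, $_GET['name'], $_GET['t1'], $_GET['t2']));
```

The migration is mechanical: each `%s` with its hand-written quotes becomes a bare `?`, the `vsprintf`/`array_map`/`real_escape_string` chain is deleted, and the same value array is passed as the second argument. That is the point the reply makes, and showing the escaped version first makes the size of the simplification visible.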