CB

Prepared statements offer higher security and re-usability when variables are used in the query. It's also cleaner to write when replacing variables instead of having those variables inline with the query.

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

Probably just needs a prepare and execute function added to the driver. The query API in general likely needs to be scrubbed of all old usages and updated for latest practices regardless.