Manticore Search supports prepared statements over the MySQL protocol, providing a secure way to build queries by separating SQL logic from user-supplied data. The post explains the three-step prepare/bind/execute flow, covers two placeholder types — `?` for scalar values and `?VEC?` for numeric vectors/MVAs — and shows practical PHP mysqli examples for both simple inserts and float-vector inserts. Key limitations are also noted: no multi-queries per statement, potential numeric type issues with some drivers (e.g., Node.js mysql2), and a sqlx-specific requirement to access result columns by index rather than name.
Table of contents

- Why Use Prepared Statements?
- How They Work
- Parameter Placeholders: ? & ?VEC?
- Example: prepared statements in PHP
- Important Considerations & Limitations
- Conclusion