Prepared statements in Manticore Search increase security by preventing SQL injection and make it easier to build queries since you don't have to worry about escaping in many cases. Learn how to use them over the MySQL protocol.

Manticore

Manticore Search supports prepared statements over the MySQL protocol, providing a secure way to build queries by separating SQL logic from user-supplied data. The post explains the three-step prepare/bind/execute flow, covers two placeholder types — `?` for scalar values and `?VEC?` for numeric vectors/MVAs — and shows practical PHP mysqli examples for both simple inserts and float-vector inserts. Key limitations are also noted: no multi-queries per statement, potential numeric type issues with some drivers (e.g., Node.js mysql2), and a sqlx-specific requirement to access result columns by index rather than name.