If I do prepare/bind, then do execute, that will be two trips to the server.
I need the quoting/escaping functionality + security features, but I don't want two trips to the server.
None of my queries will be re-executed on the same channel, so I have no performance saving.
Is there not some "local" implementation that takes a parameterised SQL string and creates SQL that can be sent + executed once?
In other words, a local implementation of prepare+bind that is not done on the MySQL server?
Or am I not seeing the big picture?
No, there is no way to get it with mysqli prepared statements.
However, PDO offers you such functionality, which, despite the widespread delusion, is perfectly safe.
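
An added example (not code from the answer above) of the PDO functionality it refers to: with `PDO::ATTR_EMULATE_PREPARES` enabled, PDO does the prepare and bind steps in the client and sends one finished statement to MySQL. The host, database name, credentials and `users` table are placeholder assumptions; the charset is set in the DSN so that PDO's client-side quoting uses the same character set as the connection.

```php
<?php
// Added example. Host, database, credentials and the `users` table
// are placeholders (assumptions), not values from the page.

// Charset goes in the DSN so client-side quoting matches the
// connection's character set; that is what keeps emulation safe.
$dsn = 'mysql:host=127.0.0.1;dbname=example_db;charset=utf8mb4';

$pdo = new PDO($dsn, 'example_user', 'example_password', [
    // Emulated prepares: placeholders are substituted and quoted locally,
    // so prepare() makes no trip to the server.
    PDO::ATTR_EMULATE_PREPARES   => true,
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

/**
 * Look up users by e-mail and minimum level in a single round trip.
 * Function name and columns are hypothetical.
 */
function findUsers(PDO $pdo, string $email, int $minLevel): array
{
    // Parsed locally; nothing is sent to MySQL yet.
    $stmt = $pdo->prepare(
        'SELECT id, email FROM users WHERE email = :email AND level >= :level'
    );

    // Explicit types: strings are quoted and escaped, integers are
    // sent as numeric literals.
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':level', $minLevel, PDO::PARAM_INT);

    // The only network round trip: the fully built statement is sent here.
    $stmt->execute();

    return $stmt->fetchAll();
}

// Constructed sample input containing a quote character; it reaches
// the server as escaped data, not as SQL syntax.
$rows = findUsers($pdo, "o'brien@example.test", 1);
```

Values are still passed only through placeholders; identifiers such as table or column names cannot be bound this way and must not be built from user input.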