I'm working on a web security presentation, and I was curious to know if PHP supported prepared statements. It looks like as of PHP 5 they do support it with the new mysqli object (mysqli replaces the mysql class with support for mysql 4.