Are PHP MySQLi prepared queries with bound parameters secure?

Question

Historically, I\'ve always used

mysql_real_escape_string()

for all input derived from users that ends up touching the database.

Now

Answer 1

Yes. Using the prepared query will escape parameters.