Sorry, I posted earlier to PERL docs, vs PHP docs. But same difference
Also, still wrong forum.
Binding aka using "prepared statements" in PHP's mysqli extension allows separation of data from the code. See http://php.net/manual/en/mysqli-stmt.bind-param.php
Binding helps prevent SQL Injection attacks. It's also a pathway to getting better performance. The MySQL dev team have been doing some restructuring for this: Re-factoring some internals of prepared statements in 5.7 | MySQL Server Blog
For follow up questions, the PHP forum is at: https://community.oracle.com/community/development_tools/php
This is parametrized query. ? is variable space where programmer passes values at run-time.