
Currently the way I execute queries is like this:

$this->query(sprintf('insert into mytable values (%d, "%s")',
    $a, $this->esc($b)));

But I want to implement auto escaping and so I want to wrap prepared statements so that I can do this:

$this->query('insert into mytable values (?, ?)',
    $a, $b);

Does it make sense for my query() method to wrap prepared statements for executing single queries?

Ryan

1 Answer


To have such a function is actually the only sane way.

While using raw API functions right in the application code, so much advertised on this blessed site of Stack Overflow, is one of the worst practices ever.

And yes, it makes sense even for the single query execution, as the prepared statement's only purpose is to format your query properly and unconditionally.

Though, to create such a function for mysqli using native prepared statements is a durn complex task. One needs A LOT of experience and research to accomplish it.

Say, only to add an arbitrary number of parameters to a query, you will need a screenful of code: Bind multiple parameters into mysqli query

And you will need twice that to get your results into an array!

However, for the emulated approach it would be much easier, and you may consider my attempt at such a function (a set of functions actually) called safeMysql. But err... it seems I told you of it already.

Your Common Sense
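The query() wrapper the question asks about, built on native mysqli prepared statements so that values are never interpolated into the SQL string, as an added example (not code from the question, the answer, or safeMysql). It assumes a Db class holding the connection in $this->db, mysqlnd (for get_result), and PHP 7.4 or newer.

```php
<?php
// Added example: a query() wrapper around native mysqli prepared statements.
// Assumptions: $this->db is an open mysqli connection, mysqlnd is available
// (needed for mysqli_stmt::get_result), PHP >= 7.4.
class Db
{
    private mysqli $db;

    public function __construct(mysqli $db)
    {
        $this->db = $db;
    }

    /**
     * Run one query with ? placeholders, e.g.
     *   $db->query('insert into mytable values (?, ?)', $a, $b);
     * Returns the rows (as associative arrays) for a statement that
     * produces a result set, otherwise the number of affected rows.
     */
    public function query(string $sql, ...$params)
    {
        $stmt = $this->db->prepare($sql);
        if ($stmt === false) {
            throw new RuntimeException('prepare failed: ' . $this->db->error);
        }
        if ($params !== []) {
            // Derive bind_param's type string from the PHP values:
            // i = integer, d = double, s = string (also used for null).
            $types = '';
            foreach ($params as $p) {
                $types .= is_int($p) ? 'i' : (is_float($p) ? 'd' : 's');
            }
            // Argument unpacking passes the values by reference as bind_param requires.
            $stmt->bind_param($types, ...$params);
        }
        if (!$stmt->execute()) {
            throw new RuntimeException('execute failed: ' . $stmt->error);
        }
        $result = $stmt->get_result();
        if ($result === false) {
            // No result set (INSERT/UPDATE/DELETE): report the affected rows.
            return $stmt->affected_rows;
        }
        return $result->fetch_all(MYSQLI_ASSOC);
    }
}
```

Because the values travel to the server separately from the statement text, a malformed or hostile $b can no longer change the query's structure, which is the escaping guarantee the question is after.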