What is a parameterized query, and what would an example of such a query be in PHP and MySQL?
This is a clear and succinct explanation of what it is, and how it works: How and Why to use Parameterization
Essentially, the process involves the server preprocessing the request without parameters so it knows the type of query it is. So, for example, a SELECT query is only a SELECT query, and cannot be concatenated by a parameter (request variable) to be a SELECT / DROP or some other MySQL injection. Instead, the injection data will be just string data in the parameter field.
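
An added example (not part of the original answer) that puts a concatenated query beside its parameterized form using PDO. The `users` table, its rows, the function names and the input value are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. For MySQL, replace the DSN with
//   new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
// and set PDO::ATTR_EMULATE_PREPARES to false so the MySQL server itself
// prepares the statement instead of PDO emulating it client-side.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

function findByNameConcatenated(PDO $pdo, string $name): array
{
    // Before: the request variable becomes part of the SQL text, so quote
    // characters inside it can change the structure of the query.
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function findByNameParameterized(PDO $pdo, string $name): array
{
    // After: the query shape is fixed when prepare() is called. The value is
    // bound to :name afterwards and is only ever compared as string data.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request value containing SQL syntax.
$input = "x' OR '1'='1";

printf("concatenated:          %d row(s)\n", count(findByNameConcatenated($pdo, $input)));
printf("parameterized:         %d row(s)\n", count(findByNameParameterized($pdo, $input)));
printf("parameterized (alice): %d row(s)\n", count(findByNameParameterized($pdo, 'alice')));
```

With the concatenated version the condition matches every row in the table; with the prepared statement the same input is searched for as a literal name and matches nothing.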