Tomas

Reputation: 59445

How do prepared statements work on an SQL level?

Until now, I happily lived with the escaping functions and the paradigm that the client communicates with the server using just SQL commands:

select * from table where name = 'O\'Hara';

In the case of PDO, where you just create some template and feed it with different data, this paradigm is very likely broken. If not, the PDO would have to just call the escaping function itself, and there would really be no reason to use it (wouldn't be any different from escaping it yourself).

So, if the SQL communication paradigm between client and server is broken, how does it work? Are the queries no longer sent as SQL commands? Is it some extension of the MySQL protocol? Is the MySQL protocol far more rich than just SQL conversation? Does it work in general, e.g. using a remote server? Are there any limits for this feature compared to bare SQL commanding?

I have tried going through the MySQL docs but haven't found anything relevant.

Upvotes: 0

Views: 271

Answers (1)

hek2mgl

Reputation: 157947

Theory:

Prepared statements are indeed a feature on the protocol level, meaning the client sends the query template first and the parameters in a second request. Also, the client can send multiple data requests for the same, already prepared, query (that's why the name).

Reality:

The PDO code is written in a way that it does not utilize the protocol feature; it really just escapes the values, replaces the placeholders in the statement with those escaped values and then sends a regular SQL query to the server.

Upvotes: 2
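An added example (my own model, not PDO's source and not from either poster) of the client-side path the answer calls "Reality": the client escapes each value, substitutes it for its placeholder, and sends one ordinary SQL string to the server. The scanner that skips `?` inside string literals is an assumption about how such a driver must behave, since a blind replace would corrupt templates that contain a literal question mark.

```python
# Added example: a model of "emulated" prepared statements, i.e. escaping on
# the client and substituting into the template. Not PDO's own code.

def mysql_escape(value):
    """Render a Python value as a MySQL literal the way a client library
    would: numbers and NULL bare, everything else single-quoted with
    backslash escaping of quote, backslash, NUL and control characters."""
    if value is None:
        return "NULL"
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
             "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}
    return "'" + "".join(table.get(ch, ch) for ch in str(value)) + "'"


def emulate_prepare(template, params):
    """Replace each '?' placeholder with an escaped literal.
    A '?' inside a quoted string in the template is literal SQL, not a
    placeholder, so the template is scanned instead of str.replace'd."""
    params = list(params)
    out = []
    quote = None            # the quote character of the literal we are inside
    i = 0
    while i < len(template):
        ch = template[i]
        if quote:
            out.append(ch)
            if ch == "\\" and i + 1 < len(template):
                out.append(template[i + 1])   # copy escaped char verbatim
                i += 1
            elif ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
            out.append(ch)
        elif ch == "?":
            if not params:
                raise ValueError("not enough parameters for template")
            out.append(mysql_escape(params.pop(0)))
        else:
            out.append(ch)
        i += 1
    if params:
        raise ValueError("too many parameters for template")
    return "".join(out)


if __name__ == "__main__":
    # Reproduces the query from the question: the quote in O'Hara is escaped.
    print(emulate_prepare("select * from table where name = ?", ["O'Hara"]))
```

In PDO this path is selected by the PDO::ATTR_EMULATE_PREPARES attribute, which the MySQL driver enables by default; setting it to false makes PDO use the protocol-level prepare described under "Theory" instead.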
