First of all, great job trying to encourage security in PHP applications!
Second, the article you linked to doesn't explain it very well. They also link to the official documentation of PostgreSQL for prepared statements and then they just run performance benchmarks.
I highly recommend you and any other PHP developers check out ParagonIE and PHP Delusions.
And here is a blog post all about preventing SQL injections by ParagonIE.
Another great article about preventing SQL injection is here. Don't forget to check out their tutorial on PDO.
When you're configuring PDO connections, make sure to set PDO::ATTR_EMULATE_PREPARES to false. Yes, I said FALSE! A warning, though: in some specific cases they may fall back to emulated prepared statements without any notice. More about PDO configuration variables here.
Use whitelists for table or column names! Do not "manually sanitize" these values!
FYI, for MySQL, utf8mb4 is UTF-8. Just make sure you use UTF-8 encoding.
PDO is well known, easier, and is used by more people today than mysql_* and mysqli.
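The PDO settings and the whitelist approach recommended in the comment above, as an added example that is not part of the original thread. The function names, the `SORTABLE` map, the `users` table and the MySQL host, database name and credentials are all hypothetical; the demo rows are constructed and loaded into in-memory SQLite so the whitelist logic runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// MySQL connection with the settings the comment recommends.
// Host, database name and credentials are placeholders (assumptions).
function connectMysql(string $user, string $pass): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4';
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES   => false, // ask for server-side prepares
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Identifiers cannot be bound as parameters, so map the request value
// onto a fixed list and put the list's own string into the SQL.
const SORTABLE = ['name' => 'name', 'joined' => 'created_at'];

function listUsers(PDO $pdo, string $status, string $sort, string $dir): array
{
    if (!array_key_exists($sort, SORTABLE)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    $column = SORTABLE[$sort];
    $order  = strtolower($dir) === 'desc' ? 'DESC' : 'ASC';

    // Only whitelisted text is interpolated; the value itself is bound.
    $stmt = $pdo->prepare(
        "SELECT name, status FROM users WHERE status = :status ORDER BY $column $order"
    );
    $stmt->execute([':status' => $status]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in SQLite so the example runs offline.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (name TEXT, status TEXT, created_at TEXT)');
$pdo->exec("INSERT INTO users VALUES ('bob','active','2020-01-02'), ('alice','active','2021-05-06')");

print_r(listUsers($pdo, 'active', 'name', 'asc'));
try {
    listUsers($pdo, 'active', 'name; --', 'asc'); // value not in the whitelist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```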
Thanks, I'll take the time to update my article, although I'll need a little bit of time, and of sleep.
Edit 1. About the link for prepared statements (link), I made the rookie mistake of reading the beginning and skipping the end. I'll try to find an article that actually explains the real preparation mechanism.
Maybe you have one I could link?
Edit 2. Didn't change the article about prepared statements, but I'll use the Hitchhiker's guide instead.
Edit 3. Fixed.