mirror of https://github.com/php/doc-en.git synced 2026-03-23 23:32:18 +01:00

FAQ: Mention named arguments and discourage manual escaping (#5377)

Updates the FAQ:

- Mentions named arguments in the parameter order entry.
- Adds a note discouraging manual escaping in the addslashes entry,
  recommending prepared statements and parameter binding instead.
Dustaboy3
2026-02-20 01:36:21 +01:00
committed by GitHub
parent 6122a8317c
commit 1709768e97

@@ -12,7 +12,6 @@
<qandaset>
<qandaentry xml:id="faq.using.parameterorder">
<!-- TODO: Mention named arguments -->
<question>
<para>
I cannot remember the parameter order of PHP functions, are they random?
@@ -29,6 +28,10 @@
<link linkend="book.strings">String functions</link> are the opposite,
so "<emphasis>haystack, needle</emphasis>".
</para>
<para>
As of PHP 8.0, <link linkend="functions.named-arguments">named arguments</link>
allow passing arguments by parameter name, making parameter order less of a concern.
</para>
</answer>
</qandaentry>
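Review bot: The added paragraph closing this answer says named arguments make parameter order "less of a concern" but shows no call, even though the paragraph just before it is about the "haystack, needle" order. Consider adding a one-line example that passes the haystack and the needle by name, so the reader sees the linked feature applied to the case the entry describes. It would also help to say that a caller using named arguments then depends on the parameter names rather than their positions.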
@@ -79,7 +82,6 @@ if (empty($empty)) {
</qandaentry>
<qandaentry xml:id="faq.using.addslashes">
<!-- TODO Probably should mention not doing this... -->
<question>
<para>
I need to convert all single-quotes (') to a backslash
@@ -98,6 +100,12 @@ if (empty($empty)) {
<function>stripslashes</function> functions, that are more
common with older PHP code.
</para>
<para>
Manually escaping values is error-prone and depends on context.
Prefer using database APIs that support prepared statements and
parameter binding instead of constructing queries by concatenating
escaped strings.
</para>
</answer>
</qandaentry>
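Review bot: The added paragraph recommends "database APIs that support prepared statements and parameter binding" without naming or linking any, while the surrounding text uses function and link markup for everything it refers to. Link the prepared-statement documentation so the reader has a concrete next step. The commit message describes this as a note, but it is a plain para placed after the existing text about the escaping functions; a note or warning element, or moving it ahead of that text, would make it harder to stop reading at the escaping advice. "depends on context" would also be clearer if it said which contexts are meant.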