What does bind_param accomplish?
I'm learning about avoiding SQL injections and I'm a bit confused.
When using bind_param, I don't understand the purpose. On the manual page,
I found this example:
$stmt = mysqli_prepare($link, "INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssd', $code, $language, $official, $percent);
$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;
mysqli_stmt_execute($stmt); // run the prepared statement with the values bound above
Now, assuming those 4 variables were user-inputted, I don't understand how
this prevents SQL injections. By my understanding, they can still input
whatever they want in there.
I also can't find an explanation for the 'sssd' in there. What does it do?
Is that what makes it more secure?
Final question: I read on another question that mysqli_real_escape_string
is deprecated, but it doesn't say that in the manual. How is it
deprecated? Can it not escape special characters anymore for some reason?
Note: This question explained what bind_param does, but I still don't
understand why it is any safer or more protected: Bind_param explanation
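The point the question is circling is that a prepared statement sends the SQL text and the values down two separate channels: the server parses the query (with placeholders) once, and the bound values are delivered afterwards as data, so a value can never be mistaken for part of the query. The 'sssd' string just tells mysqli the type of each bound variable in order (s = string, d = double; i and b are integer and blob), which is how the value is packaged when it is sent. The following is an added example, not code from the question or the PHP manual; it uses Python's sqlite3 module against a constructed in-memory copy of a CountryLanguage-style table because that runs without a MySQL server. The mechanism is the same as mysqli_stmt_bind_param: the `?` placeholders are filled by the driver, not by string concatenation. sqlite3 takes typed Python values directly, so there is no equivalent of the 'sssd' type string.

```python
import sqlite3

# Constructed sample rows for an in-memory CountryLanguage-style table.
ROWS = [
    ("DEU", "German", "T", 91.3),
    ("DEU", "Bavarian", "F", 11.2),
    ("FRA", "French", "T", 93.6),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE CountryLanguage "
        "(CountryCode TEXT, Language TEXT, IsOfficial TEXT, Percentage REAL)"
    )
    # Parameterized insert, the sqlite3 counterpart of the mysqli example.
    conn.executemany("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)", ROWS)
    return conn


def lookup_concatenated(conn: sqlite3.Connection, country_code: str) -> list:
    """Vulnerable form: the user's text is pasted into the SQL string, so the
    database parser reads it as part of the query."""
    sql = (
        "SELECT Language FROM CountryLanguage WHERE CountryCode = '"
        + country_code
        + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, country_code: str) -> list:
    """Safe form: the query text is fixed and contains only a placeholder; the
    value is handed to the driver separately and is only ever compared as data."""
    sql = "SELECT Language FROM CountryLanguage WHERE CountryCode = ?"
    return [row[0] for row in conn.execute(sql, (country_code,))]


def insert_parameterized(conn: sqlite3.Connection, code: str, language: str,
                         official: str, percent: float) -> int:
    """Parameterized INSERT with the same four columns as the manual example.
    Returns the row count afterwards so the effect can be checked."""
    conn.execute(
        "INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)",
        (code, language, official, percent),
    )
    return conn.execute("SELECT COUNT(*) FROM CountryLanguage").fetchone()[0]


def demo() -> tuple:
    """Run the same hostile input through both forms and return both results."""
    conn = make_db()
    # Constructed input: the leading quote closes the literal in the concatenated
    # query, and the rest becomes a condition that is always true.
    hostile = "' OR '1'='1"
    return lookup_concatenated(conn, hostile), lookup_parameterized(conn, hostile)


if __name__ == "__main__":
    vulnerable, safe = demo()
    print("concatenated:", vulnerable)   # every language in the table
    print("parameterized:", safe)        # no row has that literal code
```

With the concatenated query the same input returns every row in the table; with the placeholder it returns nothing, because the whole string, quote and all, is compared against CountryCode as a value. The same holds on the write side: a code such as `XX'Y` is stored with its quote intact and can be read back by the parameterized lookup, which is why no escaping step is needed when values are bound rather than interpolated.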