Well yeah, but you were referring to PDO statements, which are used for database.
But, that's besides the original subject of your thread, so lets drop the discussion
Getting back to your original post though, are you using MySQL or MySQLi? If the answer is MySQL, you should really switch to using the MySQLi library. For one PHP will drop support on MySQL with the next major release (or so the rumours go), secondly it support OOP and thirdly it has real_escape_string to
Oh, and it's just generally better, faster and safer. Or so they say.