Unless you have unsafe values in that database (for 'state') I don't see why you'd need placeholders here.
The idea of placeholders for security is for when the values that are passed to the SQL are untrusted. When you just got them from your own database there is no risk, as far as I can see (provided, of course, that there is no rubbish in the data-providing table(s)).
Don't forget placeholder-usage comes with a price. It's becomes harder for the planner to pick a good execution plan (as it has less precise/constant information/statistics about what it is that the query has to do).