If you use placeholders similar to this or like in the insert_hash() example
Yes, placeholders work, but I consider them worse than manually quoting what needs to be quoted. There's no benefit to doing a single prepare then feeding in parameters to the $sth when you only do a given query once, and Manually quoting the right values also acts as a reminder to think about them - and things like input validation.
I guess what I'm saying is that there's really a limit to what can be done profitably through automation, at least in this case.