It's not to prevent injection attacks per se, but in an app I'm working on now, everything gets passed through a
s/'//g to prevent any accidental SQL interpretation. That should take care of any single quotes, and coupled with using place holders, I can't think of how anything would get through.
Then again, it's getting late and my imagination is a little tired :)
Update: Maybe I should have clarified that it's a pretty specific environment where single quote characters shouldn't exist, per client instructions.