Even assuming it's correct, I don't think that's a good enough guarantee. Prepared statements are as close as it gets to 'demonstrably correct', really smart escaping might be 'probably correct', but I will pick demonstrably over probably any day, especially in a web environment.