Using a placeholder here is a good idea, assuming the system supports it. In the case of Sybase (yes I know - you're using MS-SQL) this wouldn't be possible, so the solution is to convert the image/binary value to a hex string, like this:
$hex_string = unpack('H*', $output);
$sth = $dbh->prepare("update Table1 set Image = 0x$hex_string where Id = 1");
...
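
An added example, not part of the original post: a helper that builds the statement with the binary value inlined as a 0x hex literal, as described above, while the key stays a placeholder. The name build_image_update and its parameters are hypothetical, and the sample bytes are constructed.

```perl
use strict;
use warnings;

# Build an UPDATE that inlines a binary value as a 0x hex literal and keeps
# the key as a placeholder. Table and column names cannot be bound either,
# so they are checked against a strict identifier pattern.
sub build_image_update {
    my ($table, $column, $key_column, $bytes) = @_;

    for my $ident ($table, $column, $key_column) {
        die "bad identifier: $ident\n"
            unless $ident =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
    }
    die "value must be defined and non-empty\n"
        unless defined $bytes && length $bytes;

    # unpack('H*') works on bytes; refuse strings holding characters > 0xFF.
    # The second argument makes downgrade return false instead of dying.
    die "value contains wide characters, expected raw bytes\n"
        unless utf8::downgrade($bytes, 1);

    my $hex = unpack('H*', $bytes);    # two hex digits per input byte

    # unpack('H*') only emits [0-9a-f]; assert that before interpolating.
    die "unexpected hex output\n"
        unless $hex =~ /\A[0-9a-f]+\z/ && length($hex) == 2 * length($bytes);

    return "update $table set $column = 0x$hex where $key_column = ?";
}

# Constructed sample: a PNG signature followed by bytes that would be
# meaningful in SQL text; after encoding they are plain hex digits.
my $output = "\x89PNG\r\n\x1a\n'; --";
my $sql = build_image_update('Table1', 'Image', 'Id', $output);
print "$sql\n";

# With a live handle (not opened here):
#   my $sth = $dbh->prepare($sql);
#   $sth->execute(1);
```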