Doing that work is better than leaving major security holes in your application. See Use placeholders. For SECURITY! for a brief explanation of what SQL injection attacks are, why you're vulnerable, and why you should care.