Using placeholders (the question marks) has two advantages I can see:

1) You can reuse the same prepared statement more than once (by binding different values), saving execution time.

2) You don't have to validate (in the case of numerical args) or escape (in the case of string args) the arguments, as you would have to do if you were including them directly into the SQL statement.