What are placeholders in DBI, and why would I want to use them? doesn't seem to indicate that the fields are escaped in any way ... but they might be.

You might want to read this and read the docs on $dbh->prepare() and $dbh->quote()