Do PHP PDO prepared statements need to be escaped?

Happy的楠姐 2020-11-29 06:25

On the PDO::Prepare page it states,

"and helps to prevent SQL injection attacks by eliminating the need to manually quote the parameters"

5 answers
  •  鱼传尺愫
    2020-11-29 07:15

    If you prepare a statement and use bindParam or bindValue to supply variables, you do not need to escape the variables. Note that these functions assume that the variable contains a string, so use the third parameter to bindValue if you want to use booleans or floats.
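
The binding described in the answer above, as an added example that is not part of the original thread. It assumes the pdo_sqlite extension and an in-memory database; the `users` table, its columns and all values are constructed for illustration. It goes one step beyond the answer by showing that placeholders carry values only, so an identifier such as a sort column is checked against a fixed allow-list instead.

```php
<?php
// Added example; table, columns and values are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER, active INTEGER)');

// Input that would break out of a hand-quoted string literal.
$name = "O'Brien'); DROP TABLE users; --";

$insert = $pdo->prepare('INSERT INTO users (name, age, active) VALUES (:name, :age, :active)');
$insert->bindValue(':name', $name);                   // default type is PDO::PARAM_STR
$insert->bindValue(':age', 42, PDO::PARAM_INT);       // third parameter sets the type
$insert->bindValue(':active', true, PDO::PARAM_BOOL);
$insert->execute();

// The value travels as data, never as SQL text: compare what was stored with what was sent.
$select = $pdo->prepare('SELECT name, age, active FROM users WHERE name = :name');
$select->bindValue(':name', $name);
$select->execute();
$row = $select->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $name);

// Placeholders cannot stand in for identifiers (column or table names),
// so a user-chosen sort column is validated against a fixed allow-list.
$allowedSort = ['name', 'age'];
$requested = 'age';                                   // constructed stand-in for user input
$sort = in_array($requested, $allowedSort, true) ? $requested : 'name';

$list = $pdo->prepare("SELECT name FROM users WHERE active = :active ORDER BY $sort LIMIT :lim");
$list->bindValue(':active', true, PDO::PARAM_BOOL);
$list->bindValue(':lim', 10, PDO::PARAM_INT);
$list->execute();
var_dump(count($list->fetchAll(PDO::FETCH_ASSOC)));
```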
