Yes. A prepared statement uses binding variables ("?"). The database driver escapes the strings passed to those variables. That way someone can't change your query to a different or destructive one. Search for "sql injection" for some examples.
There's also the benefit that you don't have to write code which escapes quotes according to the rules of your specific database, and you don't need to write code which formats dates and timestamps according to those rules either.
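An added example, not part of the original answer, comparing a concatenated query with a bound one using Python's `sqlite3` module, which uses the same "?" placeholder. The table, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data (assumption: a simple users table).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    return conn

def find_concatenated(conn, name):
    # Weak form: the input becomes part of the SQL text itself,
    # so quotes inside it change how the statement is parsed.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in conn.execute(sql))

def find_bound(conn, name):
    # Prepared form: the SQL text is fixed and the value is handed to
    # the driver separately, so it is only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(r[0] for r in conn.execute(sql, (name,)))

def compare(name):
    # Run both forms on the same input; report a parse failure as a string.
    conn = make_db()
    try:
        concatenated = find_concatenated(conn, name)
    except sqlite3.OperationalError as exc:
        concatenated = "error: " + str(exc).split(":")[0]
    bound = find_bound(conn, name)
    conn.close()
    return concatenated, bound

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a name containing a quote,
    # and a value that rewrites the WHERE clause when concatenated.
    for value in ("bob", "O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The concatenated form fails on a legitimate name containing a quote and returns every row for the third input, while the bound form returns exactly the matching row or nothing.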