Is there a problem with always preparing SQL statements with PHP instead of executing them directly?
Not sure if the database system matters, but it is DB2 on System i.
You can take a small performance hit if they are real prepared statements, and not just emulated in the driver. This is because you will need to make two calls to the database, not just one.
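The two-call cost described in the answer, as an added example that is not part of the original post: it counts prepare and execute calls when a statement is prepared for every row versus prepared once and reused. It assumes PDO with an in-memory SQLite database standing in for DB2 so it runs offline (SQLite is in-process, so the counters stand for the round trips a networked database would see); the `orders` table and both function names are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for DB2 so this runs offline;
// the orders table and both function names are hypothetical.
function insertPreparingEachTime(PDO $pdo, array $rows): array
{
    $calls = ['prepare' => 0, 'execute' => 0];
    foreach ($rows as [$customer, $total]) {
        // A fresh prepare per row: two calls to the database for every insert.
        $stmt = $pdo->prepare('INSERT INTO orders (customer, total) VALUES (?, ?)');
        $calls['prepare']++;
        $stmt->execute([$customer, $total]);
        $calls['execute']++;
    }
    return $calls;
}

function insertPreparingOnce(PDO $pdo, array $rows): array
{
    $calls = ['prepare' => 1, 'execute' => 0];
    // One prepare, reused for every row: the extra call is paid only once.
    $stmt = $pdo->prepare('INSERT INTO orders (customer, total) VALUES (?, ?)');
    foreach ($rows as [$customer, $total]) {
        $stmt->execute([$customer, $total]);
        $calls['execute']++;
    }
    return $calls;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)');

// Constructed sample rows; the apostrophe needs no escaping because it is bound, not concatenated.
$rows = [['alice', 19.99], ["O'Brien", 5.00], ['carol', 42.50]];

foreach (['insertPreparingEachTime', 'insertPreparingOnce'] as $fn) {
    $calls = $fn($pdo, $rows);
    printf("%-24s prepare=%d execute=%d total=%d\n",
        $fn, $calls['prepare'], $calls['execute'], array_sum($calls));
}

// Read back through a prepared SELECT to confirm the quoted name was stored intact.
$check = $pdo->prepare('SELECT COUNT(*) FROM orders WHERE customer = ?');
$check->execute(["O'Brien"]);
printf("rows for O'Brien: %d\n", $check->fetchColumn());
```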