
Are you implying that there's a way to get past escaping...? That's a new one to me. I thought escaping was precisely so you can put any value in a string and have it still work.



Yes, but you had better be 100% sure that your escaping function is completely reliable, and the server hasn't introduced some new syntax since you wrote it that you aren't escaping properly.

I would trust parameters much more (although I have used proper escaping in the past).
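A small worked comparison of the two approaches, added here as an illustration rather than code from this thread or from any database driver. It uses Python's built-in sqlite3 module with a constructed in-memory table; the quote-doubling helper escape_body is a hypothetical hand-rolled escaper, not a library function. It shows that escaping does its job only when the caller puts the value in exactly the context the escaper was written for, while a bound parameter is never parsed as SQL in either context:

```python
import sqlite3

# Constructed sample data for the demonstration.
SAMPLE_ROWS = [(1, "alice", "admin"), (2, "bob", "user"), (3, "o'brien", "user")]


def escape_body(value: str) -> str:
    """Hypothetical hand-rolled escaper: double every single quote.

    This only makes sense for text that will sit inside a single-quoted
    SQL string literal. Anywhere else it silently does nothing useful.
    """
    return value.replace("'", "''")


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def ids_by_name_escaped(conn: sqlite3.Connection, name: str) -> list:
    # Escaping applied correctly: the value lands inside a quoted literal,
    # so a quote-based payload stays a plain string.
    sql = "SELECT id FROM users WHERE name = '" + escape_body(name) + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def ids_by_id_escaped(conn: sqlite3.Connection, user_id: str) -> list:
    # Same helper, but the caller "knows" id is numeric and omits the quotes.
    # The payload contains no quote character, so escaping changes nothing
    # and the attacker-controlled text is parsed as SQL.
    sql = "SELECT id FROM users WHERE id = " + escape_body(user_id) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def ids_by_name_param(conn: sqlite3.Connection, name: str) -> list:
    sql = "SELECT id FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


def ids_by_id_param(conn: sqlite3.Connection, user_id: str) -> list:
    # The driver binds the value as data; it cannot become syntax, whatever
    # the surrounding context is.
    sql = "SELECT id FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def demo() -> dict:
    conn = new_db()
    return {
        "escaped_name_legit": ids_by_name_escaped(conn, "o'brien"),        # [3]
        "escaped_name_attack": ids_by_name_escaped(conn, "x' OR '1'='1"),  # []
        "escaped_id_attack": ids_by_id_escaped(conn, "1 OR 1=1"),          # [1, 2, 3]
        "param_name_legit": ids_by_name_param(conn, "o'brien"),            # [3]
        "param_id_attack": ids_by_id_param(conn, "1 OR 1=1"),              # []
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The escaped name lookup survives the classic quote payload, which is why escaping can look sufficient in testing. The escaped id lookup is the same helper used one context over, and it returns every row. The parameterized versions behave the same in both contexts, which is the property the comment above is relying on.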


A few popular database drivers use escaping under the hood for parameterized query arguments. mysql2 ruby gem (and any rails stack on top of it) for example.


They probably do a better job of it than you do, so let them handle it.



