When using the password_hash() function to generate a hashed password is there any reason why I would want to use a prepared statement when inserting it into the database?
My assumption is that I do not need to use a prepared statement for the password but for consistency's sake it doesn't hurt to use one.
Additional question:
If I am using the PASSWORD_DEFAULT parameter of the password_hash function, it will currently use the bcrypt algorithm but can be replaced with a different algorithm in the future. Would a future algorithm ever use a single quote or some other symbol that might break the SQL statement if I do not use prepared statements?