Yes, that works great. This is so, because your code doesn't include variables, it is pure SQL code.
But watch out, if you are doing something like insert into table select * from table where id=$id
, then $id needs to be escaped, because $id is a variable that comes from outside of SQL.