I have seen a JavaScript - SQLite code.
transaction.executeSql('INSERT INTO files (name, filedata_id) VALUES (?, ?);', [ '"+name+"', results.insertId], nullDataHandler, killTransaction);
Is there any counterpart for these placeholders in PHP - MySQL that can achieve the same and protect from SQL Injection?
Yes, see PDO. However, you should still validate user input.