Parameter binding mandatory with hash format query?

Hi guys,

Is parameter binding a must with hash format query to protect against SQL injection? Doc specifies only when using the string format.

Thanks,

Alex