The prepared statements offer a "placeholder" form, similar to ODBC...which may be better than using the escaping form:
"As an alternative to explicitly escaping special characters, many MySQL APIs provide a placeholder capability that enables you to insert special markers into a statement string, and then bind data values to them when you issue the statement. In this case, the API takes care of escaping special characters in the values for you."
An advantage of using that form would be that it would be more similar to the way the ODBC is implemented.
If the implementation is done in layers, then you can have a higher level form which takes a single parameter...either a string, or a block with the values escaped inline.
See the ODBC-EXECUTE example.
What I suggest is making the C natives about as simple and close to the C API they wrap as possible, and doing the transformative work in usermode code above that.
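A sketch of the layering suggested above, added here as an example and not part of the original post or the project's code: a thin low-level call that only does prepare/bind/execute, with a higher-level form above it that accepts either a statement string or a block with values inline and turns the block into placeholders plus bound values. Python's built-in `sqlite3` stands in for the MySQL prepared-statement API (an assumption made so the example runs offline), and `Sql`, `to_placeholders`, `execute` and `demo` are hypothetical names.

```python
import sqlite3


class Sql(str):
    """Marks a trusted, developer-written SQL fragment (hypothetical helper)."""


def to_placeholders(block):
    """Turn a mixed block into (statement with ? markers, list of bound values)."""
    parts, params = [], []
    for item in block:
        if isinstance(item, Sql):
            parts.append(str(item))   # trusted statement text, copied as-is
        else:
            parts.append("?")         # data never becomes statement text
            params.append(item)
    return " ".join(parts), params


def execute(conn, spec):
    """Higher-level form: a plain statement string, or a block (list) with inline values."""
    if isinstance(spec, str):
        statement, params = spec, []
    else:
        statement, params = to_placeholders(spec)
    # Low-level layer: a thin pass-through to the driver's prepare/bind/execute.
    return conn.execute(statement, params).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    execute(conn, "CREATE TABLE users (name TEXT, role TEXT)")
    insert = Sql("INSERT INTO users VALUES (")
    execute(conn, [insert, "alice", Sql(","), "admin", Sql(")")])
    execute(conn, [insert, "bob", Sql(","), "user", Sql(")")])

    hostile = "x' OR '1'='1"  # constructed input containing quote characters
    # Bound as a value, the string is compared literally and matches no row.
    bound = execute(conn, [Sql("SELECT name FROM users WHERE name ="), hostile])
    legit = execute(conn, [Sql("SELECT role FROM users WHERE name ="), "alice"])
    return bound, legit


if __name__ == "__main__":
    print(demo())
```

Because the transformation lives entirely in `to_placeholders`, the low-level call never needs an escaping routine of its own.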