A prepared statement will automatically do the normal SQL escaping of single quotes (if you tell the engine that you use double quotes instead of single quotes for strings, it will do the same with those, etc.).
If you take a look at the example below, this is how your string would look "internally" after you bind it to the prepared statement. It adds enclosing single quotes, since you tell it that the value is a string, and any single quote inside the string gets one more appended to it.
However, when the insert is completed, the stored value looks exactly the same as the string you originally had.
'<p>Debbie''s ride to work was late today, so she grabbed the bus.</p>'
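
The behaviour described above, as an added example that is not part of the original text: Python's sqlite3 module and the table name `posts` are assumptions chosen for illustration. SQLite's built-in `quote()` shows the doubled-quote literal form, the bound insert stores the string unchanged, and the same string concatenated into the statement fails to parse.

```python
import sqlite3

# Constructed sample input: the string from the text above, unescaped.
ORIGINAL = "<p>Debbie's ride to work was late today, so she grabbed the bus.</p>"


def literal_form(conn, value):
    """Return the value as SQLite would write it as a SQL string literal."""
    # quote() is a built-in SQLite function; the value itself is bound with ?.
    return conn.execute("SELECT quote(?)", (value,)).fetchone()[0]


def insert_bound(conn, value):
    """Insert through a bound parameter and return what was stored."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (value,))
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (cur.lastrowid,))
    return row.fetchone()[0]


def insert_concatenated(conn, value):
    """Build the statement by string concatenation; return the error, if any."""
    try:
        conn.execute("INSERT INTO posts (body) VALUES ('" + value + "')")
    except sqlite3.OperationalError as exc:
        # The unescaped quote ends the literal early, so the parser rejects it.
        return str(exc)
    return None


def demo():
    # "posts" is a hypothetical table created only for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    return {
        "literal": literal_form(conn, ORIGINAL),
        "stored": insert_bound(conn, ORIGINAL),
        "concat_error": insert_concatenated(conn, ORIGINAL),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```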