How do I filter values with prepared statements while keeping them secure?



I use prepared statements mainly to prevent SQL injection. Now I also need to filter on an ENUM column. How should I use it in a prepared statement so that it stays secure?

I have an address table and need to filter for a customer's invoice addresses. What do I have to do to keep this secure? Or does it not matter?

I can think of two options.

"Invoice" as a bound parameter:

public function getCustomerInvoiceAddresses($customerNumber)
{
    // Both the customer number and the ENUM value are passed as placeholders.
    $query = 'SELECT contactPerson, company, street, zipCode, city, deliveryMethod
              FROM address
              WHERE FK_customerNumber = ?
              AND addressType = ?';
    // Bind types: 'i' for the integer customer number, 's' for the string "Invoice".
    $paramType = 'is';
    $paramValue = array(
        $customerNumber,
        "Invoice"
    );
    $invoiceAddressArray = $this->ds->select($query, $paramType, $paramValue);
    return $invoiceAddressArray;
}

"Invoice" hard-coded in the SELECT:
public function getCustomerInvoiceAddresses($customerNumber)
{
    // The ENUM value is a literal in the query text; only the customer number is bound.
    $query = 'SELECT contactPerson, company, street, zipCode, city, deliveryMethod
              FROM address
              WHERE FK_customerNumber = ?
              AND addressType = "Invoice"';
    // Only one placeholder, so only one bind type: 'i' for the integer customer number.
    $paramType = 'i';
    $paramValue = array(
        $customerNumber
    );
    $invoiceAddressArray = $this->ds->select($query, $paramType, $paramValue);
    return $invoiceAddressArray;
}

Or should I pass the string "Invoice" in when I call the function?

$invoiceAddresses = $customer->getCustomerInvoiceAddresses($customerNumber, "Invoice");
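The pattern the question is circling around, as an added example (not code from the question or its answer): keep the ENUM value a bound parameter so the driver treats it as data, and additionally check it against an allow-list of the column's known values. The page's code is PHP; this example uses Python's sqlite3 with an in-memory copy of the address table so it runs stand-alone. The second ENUM value "Delivery" and the sample rows are constructed for the example.

```python
import sqlite3

# Allow-list of values the address.addressType ENUM may take.
# The page only names "Invoice"; "Delivery" is assumed for the example.
ADDRESS_TYPES = frozenset({"Invoice", "Delivery"})


def is_valid_address_type(value):
    """True only for a known ENUM value (exact, case-sensitive match)."""
    return isinstance(value, str) and value in ADDRESS_TYPES


def create_sample_db():
    """In-memory address table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE address (FK_customerNumber INTEGER, contactPerson TEXT, "
        "company TEXT, street TEXT, zipCode TEXT, city TEXT, "
        "deliveryMethod TEXT, addressType TEXT)"
    )
    conn.executemany("INSERT INTO address VALUES (?,?,?,?,?,?,?,?)", [
        (42, "A. Smith", "ACME", "1 Main St", "10001", "Springfield", "post", "Invoice"),
        (42, "A. Smith", "ACME", "9 Dock Rd", "10002", "Springfield", "courier", "Delivery"),
        (7, "B. Jones", "Globex", "5 High St", "20001", "Shelbyville", "post", "Invoice"),
    ])
    return conn


QUERY = ("SELECT contactPerson, company, street, zipCode, city, deliveryMethod "
         "FROM address WHERE FK_customerNumber = ? AND addressType = ?")


def get_customer_addresses(conn, customer_number, address_type):
    """Generalised getCustomerAddresses: allow-list the ENUM, then bind both values."""
    if not is_valid_address_type(address_type):
        raise ValueError(f"unknown addressType: {address_type!r}")
    # int() rejects a non-numeric customer number before it reaches the query.
    return conn.execute(QUERY, (int(customer_number), address_type)).fetchall()


def get_addresses_bound_only(conn, customer_number, address_type):
    """Same query with binding but no allow-list: a value containing quotes or
    SQL fragments is still matched as a plain string, so it selects nothing
    rather than altering the WHERE clause."""
    return conn.execute(QUERY, (int(customer_number), address_type)).fetchall()
```

Binding alone already prevents injection; the allow-list adds a clear error for typos or unexpected input instead of a silent empty result.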

If you are parsing the data and using prepared statements, I don't believe SQL injection can happen. So I would use the most flexible option:

$invoiceAddresses = $customer->getCustomerInvoiceAddresses($customerNumber, "Invoice");

and rename the function to getCustomerAddresses.
