? is the placeholder. It serves great use and it protects you against SQL injection attacks, by automatically quoting (and thereby neutralising) any "dangerous" characters.
Of course you should add the usual or die ... checks to make sure no error happened. Also you have to verify the format of the DD_MM_YYY field to make sure your query sends in the timestamp in the right format.
"A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James
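The two points above (bind the value through a ? placeholder, and validate the DD_MM_YYYY string before it reaches the query) put together, as an added example that is not the poster's code. It assumes DBD::SQLite is installed so it can run against an in-memory database; the table name events, the column happened_on, the sample rows and the functions parse_dd_mm_yyyy and events_on are all constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database (assumes DBD::SQLite) so the example runs offline.
# RaiseError is left off so the explicit "or die" checks below are what report errors.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 0, PrintError => 0 })
    or die "Cannot connect: $DBI::errstr";

# Constructed sample table and rows; the date column stores ISO YYYY-MM-DD.
$dbh->do("CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT, happened_on TEXT)")
    or die "Cannot create table: " . $dbh->errstr;
my $ins = $dbh->prepare("INSERT INTO events (name, happened_on) VALUES (?, ?)")
    or die "Cannot prepare insert: " . $dbh->errstr;
for my $row (["launch", "2024-03-01"], ["audit", "2024-03-01"], ["retro", "2024-03-09"]) {
    $ins->execute(@$row) or die "Cannot insert: " . $ins->errstr;
}

# Check the user-supplied DD_MM_YYYY string first, then convert it to the
# format the column actually holds. Returns undef for anything else.
sub parse_dd_mm_yyyy {
    my ($input) = @_;
    return unless defined $input && $input =~ /\A(\d{2})_(\d{2})_(\d{4})\z/;
    my ($d, $m, $y) = ($1, $2, $3);
    return unless $m >= 1 && $m <= 12 && $d >= 1 && $d <= 31;
    return sprintf("%04d-%02d-%02d", $y, $m, $d);
}

# The ? placeholder: the SQL text is fixed at prepare time and the value is
# bound separately at execute time, so the input is only ever treated as data.
sub events_on {
    my ($dbh, $user_input) = @_;
    my $iso = parse_dd_mm_yyyy($user_input);
    defined $iso or die "Bad date '$user_input', expected DD_MM_YYYY\n";
    my $sth = $dbh->prepare("SELECT name FROM events WHERE happened_on = ? ORDER BY name")
        or die "Cannot prepare select: " . $dbh->errstr;
    $sth->execute($iso) or die "Cannot execute: " . $sth->errstr;
    my @names;
    while (my ($name) = $sth->fetchrow_array) { push @names, $name }
    return @names;
}

# Well-formed input: prints "audit,launch".
print join(",", events_on($dbh, "01_03_2024")), "\n";

# Input containing a quote character: the format check rejects it before any
# query runs. Had it passed, the ? binding would have compared the column
# against that literal string rather than splicing it into the SQL.
eval { events_on($dbh, "01_03_2024'") };
print "rejected: $@" if $@;
```

The format check and the placeholder are separate layers: the regex keeps malformed dates (and anything that is not a date at all) from ever reaching the database, while the placeholder guarantees that whatever does reach it cannot change the query's structure. Dropping either one leaves you relying on the other alone.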