
Are there any security benefits to using PDO::query vs. mysql_query?


I'm looking to refactor some legacy PHP code, and I know that PDO is more secure with the addition of prepared statements and such, but I am wondering if there are any security benefits of using the PDO::query() method vs. the mysql_query() method. Are there?


Solution

  • Short of a bug in PDO or mysql_*, the security issues with database queries are dependent on the query being run, not what is used to connect to the database.

    If you create an insecure query with user data and execute it with PDO::query(), it is just as insecure as it is with mysql_query(). Likewise, if you have a secure query, running it with PDO::query() is effectively the same as with mysql_query().
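The following is an added example, not code from the question or the answer above, that makes the answer's point concrete: the same lookup run once through PDO::query() with the value pasted into the SQL text (the mysql_query() pattern) and once as a prepared statement with a bound parameter. It uses an in-memory SQLite database so it runs stand-alone (assumes the pdo_sqlite extension is loaded); the table, rows and inputs are constructed for the demo.

```php
<?php
// Added example (not from the original Q&A): PDO::query() with interpolated
// input versus PDO::prepare()/execute() with a bound parameter.
// In-memory SQLite keeps this self-contained; the data below is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'),
            ('bob',   'bob@example.test')");

// Constructed user-controlled inputs: a benign name and the classic
// tautology that turns the WHERE clause into "match every row".
$inputs = ["alice", "x' OR '1'='1"];

// Insecure: the value becomes part of the SQL text. PDO::query() adds no
// protection here; this is the same situation as mysql_query() with the
// same string.
function lookupInterpolated(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Secure: the value travels as a bound parameter and is never parsed as SQL.
// The query text is fixed regardless of what the user supplies.
function lookupPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($inputs as $input) {
    printf("input %-18s interpolated => %s | prepared => %s\n",
        var_export($input, true),
        json_encode(lookupInterpolated($pdo, $input)),
        json_encode(lookupPrepared($pdo, $input)));
}
```

For the benign input both functions return the single matching row. For the second input the interpolated version matches every user in the table, while the prepared version matches none, because the whole string is compared as a literal name. Swapping the DSN for a MySQL one changes nothing about this contrast: the security property comes from how the query is built, which is the answer's point, and PDO's only real advantage over mysql_* is that it offers prepare()/execute() so you can build it the safe way.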