No, you can't do it with prepared statements because Mongo does not support them.
As an alternative, the PHP manual says this:
If you are passing $_GET (or $_POST) parameters to your queries, make sure that they are cast to strings first. Users can insert associative arrays in GET and POST requests, which could then become unwanted $-queries.
It suggests using filter_var() for this.
