I thought $wpdb->prepare() had been working for me. I really did. What I hadn’t realized, or taken the time to learn, was that prepare() functions similarly to printf(), taking placeholders for arguments provided after the query that is being prepared, i.e. $wpdb->prepare("SELECT * FROM table_name WHERE id = %d AND title = %s SORT BY date DESC", $id, $title); with %d representing an int ($id) and %s representing a string ($title).
Using it with my query as the only argument, prepare() wasn’t having any effect on it at all. Not that my queries were trash, but Garbage In, Garbage Out so to speak.
