Some things that will shorten the process for you.
1 - When you have a script that is going to make a db query, make the connection at the top and let it exist for the duration of the script. PHP will close it automatically once the script goes away so don't even worry about it.
2 - Writing your query statement inside of a function call (as you have done in the past) is easy - yes. It also works. But - many people find it easier to create that query in a var so that it may be displayed during development when there are problems. Think about that.
3 - It's not the use of PDO or mysqli or MySQL that controls whether you have potentially bad practices going on related to injection. It is how you write your query! Since MySQL is going away and since it doesn't support prepared queries, obviously it poses the greatest risk. So can PDO and mysqli if you don't take advantage of prepared queries. So - the use of a prepared query removes the risk of injection if properly used.
With all of this understood, a query process is pretty straightforward. Write it, prep it, then execute it with an array.
As for the try/catch question. You really don't want to be displaying error information to the user once your system goes into production. IIRC, when you enable exceptions in your connection logic and you have php display errors on, you will get an exception whenever your calls fail. And yes you need to do some kind of error checking for all kinds of external calls (connect, select, execute, fopen, fwrite, etc.). Read up on good practices on making the pdo connection to see what options you s/b using. My current connection logic is:
$db_options = array(PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC);
This is a var that is used in the actual constructor call that I have taken from a sticky post I found either here or on another forum.
Finally - while it may seem that you have more steps involved with pdo, I think you are saving effort now. Think about the proper argument preparation you had to do with a MySQL query. Now you don't have to escape every argument since a prepared statement takes care of that for you. Making the connection once at the top of your script is a practice that removes that step from all of your queries in that script. (I use a std. include module for the connection and simply make a call to a function in it that makes the connection and selects the db all at the same time.)
Hopefully I have not mis-stated anything here - and if I have I'm sure someone will step right up and correct me.
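The write/prep/execute flow described in the post above, as an added example that is not the poster's own code: it connects once with the posted options, keeps the query text in a variable, and shows that an input containing quote characters is matched as a plain value. The in-memory SQLite DSN, the `users` table, the `find_user()` helper and the sample inputs are assumptions made so the script runs offline.

```php
<?php
// Connection options from the post; the connection is made once, at the top.
$db_options = array(
    PDO::ATTR_EMULATE_PREPARES   => false,
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
);

// Hypothetical helper: look up users by name.
// The value travels separately from the SQL text, so it is never parsed as SQL.
function find_user(PDO $pdo, string $name): array
{
    $q = 'SELECT id, name FROM users WHERE name = :name'; // write it (in a var)
    $stmt = $pdo->prepare($q);                             // prep it
    $stmt->execute(array(':name' => $name));               // execute with an array
    return $stmt->fetchAll();
}

try {
    // Assumption: in-memory SQLite so this runs offline; use your MySQL DSN instead.
    $pdo = new PDO('sqlite::memory:', null, null, $db_options);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

    // A prepared statement can be reused with different values.
    $ins = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    foreach (array('alice', 'bob') as $n) {
        $ins->execute(array(':name' => $n));
    }

    // Constructed inputs: an ordinary name, and one carrying quote characters.
    foreach (array('alice', "alice' OR '1'='1") as $input) {
        $rows = find_user($pdo, $input);
        printf("%-20s -> %d row(s)\n", $input, count($rows));
    }
} catch (PDOException $e) {
    // Keep the detail in the server log; show the user a generic message.
    error_log($e->getMessage());
    echo "Sorry, something went wrong.\n";
}
```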