The pull request could be done "stupidly", which may fix most problems (your 80% value), and for cases where it wouldn't "just work" the author could just reject the pull request but still be made aware of the problem.
I think what I'd do is write a bot that issues pull requests along with a commit message explaining what was fixed, why it needed fixing, how the automatic fix isn't perfect and that they should really consider rewriting it to use prepared statements.
Include a check to make sure multiple bugs in a single repo are handled by just one pull request too.
