A great source on this topic is:
https://tableplus.com/blog/2018/08/best-practices-to-prevent-sql-injection-attacks.html
Or to avoid SQL injection automatically use Laravel, as the database query builders automatically account for SQL injection (except if you are using the raw query builders).