SQL injection comic

Use Prepared Statements, also known as parametrized queries. For example:

Source: https://paragonie.com/
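
The following is an added example, not taken from the original page or from paragonie.com. It puts a string-concatenated query beside the prepared-statement form using Python's built-in `sqlite3`; the table, rows, function names and inputs are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: one hostile string, one legitimate name with a quote.
HOSTILE = "nobody' OR '1'='1"
APOSTROPHE = "o'brien"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "ob@example.com")],
    )
    return db


def find_user_concatenated(db, name):
    """'Before' form: the input is spliced into the SQL text and parsed as SQL."""
    query = "SELECT email FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]


def find_user_prepared(db, name):
    """Prepared statement: the SQL text is fixed and the input is bound as a value."""
    query = "SELECT email FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (name,))]


def demo():
    """Run both forms against both inputs and collect the outcomes."""
    db = make_db()
    results = {
        "concatenated_hostile": find_user_concatenated(db, HOSTILE),
        "prepared_hostile": find_user_prepared(db, HOSTILE),
        "prepared_apostrophe": find_user_prepared(db, APOSTROPHE),
    }
    try:
        results["concatenated_apostrophe"] = find_user_concatenated(db, APOSTROPHE)
    except sqlite3.OperationalError:
        # A legitimate name containing a quote breaks the concatenated query.
        results["concatenated_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The prepared form returns no rows for the hostile string and the correct row for the name containing an apostrophe, because in both cases the input is compared as a value and never parsed as SQL.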