Use PDO prepared statements to securely execute SQL queries.
Source Code
$pdo = new PDO('mysql:host=localhost;dbname=testdb', 'username', 'password');
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $userInputEmail]);
$user = $stmt->fetch();