Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately…