My'SQLi Server Behaviors uses prepared statements that are inherently injection proof. As long as you are using our server behaviors you shouldn't have to worry about it.
You can read more about how to prevent injection and how prepared statements work here:
https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection