My friend did some quick research and suggested looking into the options available in PDO database API. Currently I am using MySQLi to handle database requests. I found an excellent resource at https://websitebeaver.com/php-pdo-vs-mysqli. After a quick read, I think I will stick with using MySQLi and trying to update my implementation from a procedural style to a object oriented style and test a few parameterized queries until I get use to the idea and implementation.
Last night I had a discussion with a friend on the best practices of data access. This particular topic is not a strong point of mine, so I appreciated the input from a more seasoned back-end developer. The main topic of interest was the usage, advantages and possible benefits of parameterized queries.