How to increase the security for login and prevention for SQL injection in PHP?

Sometimes developers are set the user name and password directly to query without using any plain text checking function like addslashes() of PHP function or mysqli_real_escape_string() of mysqli functions for entered username and password by user. And some time end uses are setting the password very poorly like set our simple name or birthday and name etc. So we need care about below things:

• For end user, password should not be be your personal details like birth date or your first or last name.
• For developer,
• Should to set restriction like allowed three wrong attempts after that block the user for 24 hours.
• From preventing SQL injection, Should to add addslashes() for PHP and for My SQL mysqli_real_escape_string() before executing the query to database.

Understanding with examples:

<?php 
   /*  For query */
   $con = mysqli_connect("localhost","user","password","dbname");
   
   $user_name = mysqli_real_escape_string($con, $_POST['user_name']);
   $pass = mysql_real_escape_string($con, $_POST['password']);
   
   $sql_query = "select * from employee where username = '" . $user_name . "' AND password = 
   '" . $pass . "'";
   $sql_query = "select * from employee where username = '" . $user_name . "'";
   
   ?>

Also we can set addslashes function like,

<?php

$user_name = addslashes($_POST['user_name']);
$pass = addslashes($_POST['password']);

?>

So above examples will help to prevent from SQL injection.