more secure sql statements

public/php/mysql_connect.php

@@ -27,6 +27,10 @@ class MySQLConnection {
         return $this->mysqli->query($sql);
     }
 
+	public function prepare($sql): bool|mysqli_stmt {
+		return $this->mysqli->prepare($sql);
+	}
+
     public function changeDB($dbName): void {
         $this->dbName = $dbName;
         $this->mysqli->select_db($dbName);

public/php/post_feedback.php

@@ -1,15 +1,16 @@
 <?php
 $response_array = array();
 
-include_once $_SERVER['DOCUMENT_ROOT'] . '/../private/mysql_connect.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/php/mysql_connect.php';
 $conn = new MySQLConnection();
 
 $content = $_POST['content'];
 $projectName = $_POST['projectName'];
 
 $sql = "INSERT INTO feedbacks (content, project_name)
-		VALUES ('$content', '$projectName')";
-$result = $conn->query($sql);
+		VALUES (?, ?)";
+$stmt = $conn->prepare($sql);
+$result = $stmt->execute([$content, $projectName]);
 
 $response_array['result'] = json_encode($result);