It's also worth mentioning that mysqli will only protect against SQL injection if you use prepared statements.

I was going to write a tutorial about the basics of using the mysqli extension. But why write one when Zend has already done an outstanding job?

Part I - Overview and Prepared Statements
Part II - Extending mysqli