*The* way would be to use a good ORM so that it does all this for you (I personally recommend Sequel).

The other good way would be to use parameterized queries.

Apart from that, use whatever the given SQL library gives you; unlike in, say, PHP, there is more than one widely used one.

-- 
Matma Rex
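
The reply above recommends parameterized queries (or an ORM that issues them for you) instead of splicing user input into SQL text. The following is an added example, not code from the original post or from Sequel; it uses Python's standard-library `sqlite3` module purely because it runs with no extra dependencies, and the principle is the same for a Ruby database driver. The `users` table, its rows and the probe string `' OR '1'='1` are constructed here for illustration. The interpolated version exists only to show the failure mode next to the correct one.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table (sample data, not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_interpolated(conn, name):
    # VULNERABLE: the untrusted value is pasted into the SQL text, so the
    # database parser treats any quotes or operators in it as SQL syntax.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, name):
    # SAFE: the SQL text is fixed and contains only a placeholder; the value is
    # handed to the driver separately and is never parsed as SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that a web form might receive
    print("interpolated  :", find_user_interpolated(db, probe))   # leaks every row
    print("parameterized :", find_user_parameterized(db, probe))  # no such user: []
    print("normal lookup :", find_user_parameterized(db, "bob"))   # ['bob']
```

With the probe input, the interpolated query becomes `SELECT name FROM users WHERE name = '' OR '1'='1'` and returns all three rows, while the parameterized query looks for a user literally named `' OR '1'='1` and returns nothing. Note that the placeholder can only stand in for a value; table names, column names and `ORDER BY` targets cannot be parameterized and must be validated against an allowlist instead.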