How can I prevent SQL-injection in PHP?
I don't want to be hacked into oblivion.
From what I understand, passing raw user input into SQL queries makes me vulnerable, for example:
$scary_stuff = $_POST['user_input'];
mysql_query("INSERT INTO `table` (`column`) VALUES ('$scary_stuff')");
That's because the user can input something like value'); DROP TABLE table;-- and the query becomes:
INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')
What can be done to prevent this from happening?
Drawing on the programming gods of steem: @miohtama @romanskv @jl777 @grz @qkyrie @kkaos
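As an added example (not part of the original post), here is the question's vulnerable pattern beside the standard fix, a prepared statement with a bound parameter. It uses PDO with an in-memory SQLite database so it runs offline without a MySQL server; the `freshDb`, `insertVulnerable`, `insertSafe` and `tableExists` helper names are mine. Note that the `mysql_*` functions in the question were removed in PHP 7.0, so any real fix means moving to PDO or mysqli anyway.

```php
<?php
// Added example, not code from the original post. Demonstrates the injection
// described in the question and the parameterised query that prevents it.
// SQLite in-memory is used so the script runs offline; against MySQL the PDO
// calls are identical, only the DSN changes:
//   new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass)
declare(strict_types=1);

// The payload from the question. `table` is quoted with backticks because it is
// a reserved word in both MySQL and SQLite (the question's CREATE uses backticks too).
const PAYLOAD = "value'); DROP TABLE `table`;--";

function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Disable emulated prepares so placeholders are handled by the database
    // driver, not by PDO splicing strings client-side (matters mostly for MySQL).
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE `table` (`column` TEXT)');
    return $db;
}

function tableExists(PDO $db): bool {
    $stmt = $db->query(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = 'table'"
    );
    return (int) $stmt->fetchColumn() === 1;
}

// VULNERABLE: the user string is interpolated into the SQL text, exactly the
// shape of mysql_query("INSERT ... VALUES ('$scary_stuff')") in the question.
// The resulting text is   INSERT INTO `table` (`column`) VALUES ('value'); DROP TABLE `table`;--')
// and the database executes both statements; the trailing ') is commented out.
function insertVulnerable(PDO $db, string $userInput): void {
    $db->exec("INSERT INTO `table` (`column`) VALUES ('$userInput')");
}

// HARDENED: the SQL text contains only a placeholder and is parsed first; the
// user value is sent separately as data and is never parsed as SQL, whatever it contains.
function insertSafe(PDO $db, string $userInput): void {
    $stmt = $db->prepare('INSERT INTO `table` (`column`) VALUES (:value)');
    $stmt->execute([':value' => $userInput]);
}

function storedValues(PDO $db): array {
    return $db->query('SELECT `column` FROM `table`')->fetchAll(PDO::FETCH_COLUMN);
}

// Demonstration: run the same payload through both paths.
$db = freshDb();
try {
    insertVulnerable($db, PAYLOAD);
} catch (PDOException $e) {
    // Some drivers reject stacked statements; even then the attacker controls the query text.
}
printf("vulnerable: table still exists? %s\n", tableExists($db) ? 'yes' : 'no (dropped)');

$db = freshDb();
insertSafe($db, PAYLOAD);
printf("safe: table still exists? %s\n", tableExists($db) ? 'yes' : 'no');
printf("safe: payload stored as a literal string? %s\n",
    storedValues($db) === [PAYLOAD] ? 'yes' : 'no');
```

The same idea with mysqli is `$stmt = $mysqli->prepare('INSERT INTO `table` (`column`) VALUES (?)'); $stmt->bind_param('s', $value); $stmt->execute();`. Placeholders only work for values, not for table or column names; if those come from user input, check them against a whitelist in PHP rather than quoting them.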