How to secure my my-sql database

Hello. I would like to know, how can I secure my database to prevent it from dropping a table or truncate it. I want to be able to do such things after logging into myPHP admin, but I don't want users of my webpage to be able to do it. My php code looks like this: require_once('connect.php'); /* Script that will connect to my database and saves the conection into variable $connection */ $input = $_POST['data']; /* Getting user's input - raw text */ $query = "INSERT INTO 'list' (thing) VALUES '$data'"; mysqli_query($connection, $query); The problem is, what would happen if a user inputs something like this: Trololol'"; DROP TABLE 'list'; Because thefinal query is this: INSERT INTO 'list' (thing) VALUES 'Trololol'; DROP TABLE 'list'; Is there any handy function to check for these hidden keywords or any permission system for the table?