It happens that googling a bit to know how to improve the security of a web system and protect a little against sql injections I read that one of the best ways is to use PDO however I am more familiar with mysqli so I intend to use the function prepare (If I'm not correct correct me). However, I still can not understand 100% how it works.
What I am most struggling with is the following: I am implementing a type of MVC and POO, as I had been handling the queries, it is generally like this:
1.- I have a file called conexion.php which contains both the connection and the methods that generate the queries. 
2.- To generate the queries I have different files for example registrations.php where I instantiate the connection class to make queries, something like this :.
However, I still do not know what or how to modify to use the mysqli prepare function. I was just investigating about 2 hours and between what I could find I soaked a bit in the syntax (say 20%), however I can not understand how to apply it but keeping the same structure that I handle. I tried to do the following:
But I throw the following error
Then it is evident that it did not work.
Since I want to thank any kind of help, guidance, scolding, suggestion, bibliography and good luck messages. A huge greeting.