Everything is still up to date. What was written was relevant 10 years ago, it will be relevant for a long time to come. The principles are the same. Nothing changed. The author of that article is a very authoritative comrade and "ate the dog" on this topic. He "taught" many people online even when 95% of the toaster population walked under the table. By the way, his website is also - phpfaq.ru with very valuable information.

The basic principles are basic and do not change over time. I would just rephrase it a little differently,
And I would also add that these rules must be observed unconditionally, in 100% of cases, without reasoning like "this data is safe with us, they can not be protected."
If we talk about trends, then practically no one works with pure SQL now. 95% of requests are made through ORM. Those. instead of

$stmt = $pdo->prepare("SELECT * FROM user where id = ?");
$stmt->execute([$id]);
$user = $stmt->fetch();

we write simply
, while the protection is already built into the ORM inside and you don’t need to think about it.
Well, if you need to make a more complex request, then again, there are developed Qveri builders, in which protection is also already built in. And only in the rarest cases you need to write pure SQL, and only then you need to remember about manual injection protection.