It doesn't take a special script to prevent injection. Use prepared statements. MySQLi has them, though I'd recommend PDO over MySQLi as it has additional features and is easier to use. It's also the designated successor.
Read up on static IPs and you'll realize that static public IP addresses can only be assigned from a pool that has been allocated to someone else (your ISP, in this case). Ultimately, address pools are allocated by IANA, but anyone that has been allocated a pool can allocate a portion of that pool to someone else.
If you're talking about static private addresses, it depends on the router. You'll need to check your router documentation.