> Also I believe that https would prevent injections.

Depends where it happens. On shared web hosting, they control SSL termination and everything behind it.