Inserting text inputted from a form into database, am I doing it securely?

Inserting text inputted from a form into database, am I doing it securely?

With phpMyAdmin I create a MySQL database for usage with a simple form
where the user inputs text and I save it into a table.
I'm not massively experienced with security so I want to make sure I'm
doing things right.
Basically, for accessing the database in code, I created a user with only
privileges to insert into the database. That's it. I log in with that user
in the code to insert the data.
However, in the code I log in with seemingly plain text, which I'm quite
sure is a bad idea. I use new mysqli(...) to log in, and I just supply the
user and password as a string. Is this plain text and a security issue? If
so, how should I be doing it?
And I'm storing user email addresses. I escape the data to prevent
injection attacks, but do I need to store it hashed like I would a
password?
Thanks, I just want to make sure I'm handling the security side of this
appropriately. Is there anything else I should be keeping in mind?