You can use any SqlWrite[T]-able value in your queries:
val customerId = 123
val phoneNumber = "123456"
sql"""
INSERT INTO phones(customer_id, number)
VALUES($customerId, $phoneNumber)
""".insert()
The final query that gets executed will look like this:
INSERT INTO phones(customer_id, number)
VALUES(?, ?)
so it is injection-safe.