For example, it would make sense that in a comment section on a website which does not prevent the processing of escape characters that an escape character followed by code could "infiltrate" the backend code. How do big websites prevent this and is it absolutely impossible?
It is not impossible.
Big websites and small websites prevent SQL injection exactly the same way:
Using query parameters.
This works for text fields as well as shorter strings, dates, numbers, etc.
Here's a hypothetical example in PHP, but similar examples exist for any other programming language.
$text = $_POST['textfield'];
$stmt = $pdo->prepare("INSERT INTO mytable (textcol) VALUES (?)");
$stmt->execute( [ $text ] );
By keeping the content separate from the SQL query until execute(), this avoids a risk of SQL injection.