Or the call to real_escape_string() in such cases is not needed?
/Email value comes from user input./
function findUser($email)
{
$mysqli = connectDB();
$email = $mysqli->real_escape_string($email);
$query = "CALL FindUser('{$email}')";
// ...
}