By "rendering engine" I assume you mean server side scripting + database. You may or may not need this, depending on your site.
If your site is not big and the current pages are "hand coded" HTML, you may not need need server side scripting - changing internal URLs to your new format and mapping of URLs to the path of the HTML documents on your server via .htaccess would be enough. The old URLs should then be redirected to the new format using 301 redirect in .htaccess (assuming your hosting is Linux).
Otherwise you may use database and something like php + .htaccess to handle your URLs. With regards to the SQL injection, if you do not have forms that use database, you name your database and tables something not obvious and your code that access database is sanitised and you use strong database password, then SQL injection should not be a problem - the risk would be practically the same as leaking your FTP password in your current environment.
And lastly, you could use some of many open source CMS (such as Wordpress) in which case you have to read about the risk on SQL injection, follow the recommendation to sanitise and upgrade your CMS to a newer version regularly.
"Need" is a strong word. I built a 50,000 page static site in a single directory. I ended up replacing it with a CMS system because it was easier to edit that way. The 50,000 html files in a single directory did not actually cause any problems on their own.