We have a php script that was hacked and needs to be secured. There is a clean copy, but was told this line is insecure:
$rLinks = mysql_query("SELECT [login to view URL], [login to view URL], [login to view URL],
[login to view URL] FROM SUBCATEGORY S INNER JOIN CATEGORY C ON S.CATEGORY_ID =
[login to view URL] WHERE S.ID=$ID");