How to prevent SQL Injection via the array parameter? (CVE-2017-14069)


Hello, this page suggests that the sql_query

$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST[usernw]) . ")")or sqlerr(__FILE__, __LINE__);
Code (SQL):

is vulnerable to a SQL injection "via the usernw array parameter to nowarn.php."

and the exploit is suggested:

POST nowarned=nowarned&usernw[]=(select*from(select sleep(10))x)
Code (markup):

Please how that sql_query should…
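
A hardened form of the query quoted in the post, as an added example that is not part of the original thread or of the affected project's code: every `usernw[]` element is checked to be a decimal id, and the `IN (...)` list is built from bound placeholders instead of the request values. The function names `clean_id_list` and `fetch_modcomments`, the PDO connection and the in-memory SQLite table are assumptions made so that the example runs on its own.

```php
<?php
declare(strict_types=1);

// Accept only an array of decimal-digit strings; anything else is rejected outright.
function clean_id_list($raw, int $max = 100): array
{
    if (!is_array($raw) || count($raw) === 0 || count($raw) > $max) {
        throw new InvalidArgumentException('usernw must be a non-empty array of ids');
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() is false for '', signs, spaces and SQL fragments;
        // is_string() also rules out nested arrays.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException('usernw contains a non-numeric id');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

// One "?" per id: the values are bound, never concatenated into the SQL text.
function fetch_modcomments(PDO $db, array $ids): array
{
    $placeholders = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, modcomment FROM users WHERE id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed demo data: in-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, modcomment TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'warned once'), (2, 'clean'), (3, 'warned twice')");

// Constructed request bodies: a normal one, and the usernw[] value quoted in the post.
$requests = [
    ['usernw' => ['1', '3']],
    ['usernw' => ['(select*from(select sleep(10))x)']],
];
foreach ($requests as $post) {
    try {
        print_r(fetch_modcomments($db, clean_id_list($post['usernw'] ?? null)));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Either measure closes the hole by itself; using both keeps the query safe if the validation is later relaxed or the column type changes.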
