I am using the shoppingcart plaincart and it has been hacked multiple times using this:
I have read that the below variable needs to be escaped using mysql_real_escape_string but i don't know how
$pdId = (isset($_GET['p']) && $_GET['p'] != '1') ? $_GET['p'] : 0;
Could someone please show me what to do?