SQL Injection

There’s an SQL injection vulnerability in the following page on the class parameter:

http://www.proraiders.com/rf/us/index.php?rfp=1&class=Paladin

Not sure if there are any more as I haven’t really been bothered to check. I’d recommend using PDO and prepared statements.

Thanks
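
The PDO prepared-statement approach recommended above, as an added example that is not part of the original post and is not the site's own code. The `players` table, its columns, the in-memory SQLite database and the `playersByClass` helper are assumptions made for illustration.

```php
<?php
// Added example: schema, rows and helper name are hypothetical (constructed).
declare(strict_types=1);

// In-memory SQLite keeps the example self-contained; a real site would use
// its own DSN. With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES
// to false so the statement is prepared server-side.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE players (name TEXT, class TEXT)');
$pdo->exec("INSERT INTO players VALUES ('alice', 'Paladin'), ('bob', 'Rogue')");

/**
 * Look up players by class. The value is bound as a parameter, so it is
 * never parsed as SQL, whatever characters it contains.
 */
function playersByClass(PDO $pdo, mixed $class): array
{
    // Query-string values can arrive as arrays (?class[]=x) or be missing;
    // accept only a non-empty string of bounded length.
    if (!is_string($class) || $class === '' || strlen($class) > 32) {
        return [];
    }

    // The SQL text is a constant; only the placeholder value varies.
    $stmt = $pdo->prepare('SELECT name, class FROM players WHERE class = :class');
    $stmt->execute([':class' => $class]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In a page handler the second argument would be: $_GET['class'] ?? null
$inputs = [
    'Paladin',        // ordinary value
    "Paladin'",       // constructed value containing a quote: treated as data
    ['Paladin'],      // array-shaped parameter: rejected by the type check
    null,             // parameter absent
];

foreach ($inputs as $input) {
    $rows = playersByClass($pdo, $input);
    printf("%s => %d row(s)\n", json_encode($input), count($rows));
}
```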