Why would the limit be -9999?
LOL. Thats saying Syndication.php IS NOT SECURE!
Why you cleaning input with mysql_real_scape_string or ...??!!
Gl.
I'd eat my hat if my forums got hacked with this. The limit input is actually set with intval, not m_r_e_s. Anyway, simple enough to put a check for less than 0?
else if($thread_limit < 0)
{
$thread_limit = 20;
}