addslashes will get rid of most of the sql injection. Another thing is to limit when users input. If you are going to be working with ids, then they are probably numeric. So use functions like is_numeric or intval to force the data to be what you want it to be.
MyBB uses a lot of intval but my personal preference is to check manually if it's numeric and then do something else if it's not. Make sure you use htmlspecialchars when outputting data if it can contain text that doesn't need to have html in it. This will stop people XSS since the tags will be changed.
Updated Site!
My mods
1.1:
MyBB Zip Installer, Easy Install v2.0, Cash/Points plugin, PayPal/Subscriber, Reply by email, Advanced Plugins