How to prevent SQL Injection via the array parameter? (CVE-2017-14069)

Hello, this page suggest that the sql_query

$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST(usernw)) . ")")or sqlerr(__FILE__, __LINE__);

Code (SQL):

is vulnerable to a SQL injection “via the usernw array parameter to nowarn.php.”

and the exploit is suggested:

POST nowarned=nowarned&usernw()=(select*from(select sleep(10))x)

Code (markup):

Please how that sql_query should look like so it prevent the abuse?