A very common way hackers can break into your website database is via targeting outdated PHP code and unsecured get variables, especially when the code retrieves records from a mySQL database table using the outdated and now defunct mysql PHP functions.
What I am going to demonstrate in this post, is how to take your original code and update it to mysqli and also how to secure any variables that may be passed into your page from a url ($_GET) or form post ($_POST) variable.