Remove SQL injection vulnerabilities

Map each of the inputs from $_POST['ids'] into a separate, sanitized
database input (via the db_input() function), then implode() the array with
commas and build the SQL statement.