xc0n
Posted August 7, 2011

Hey, I have a basic bit of code I'll post below. At the moment it works fine, but I'm sure it is very insecure. What I need to know is how to apply the PDO function to it so it's a safe script, and also if there are any other things I can do to tidy it up / make it more secure, please let me know.

```php
<?php
require ("auth.php");
// Checks to see if user is valid
// If User is valid then below will function

// Connect To Database
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$dbname = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error Connecting to MYSQL');
mysql_select_db($dbname);
// End

//Get Data
$sql = mysql_query("SELECT * FROM `allowed_ips` WHERE `host_noip` = '$host_noip' limit 0, 30");
$result = mysql_fetch_assoc($sql);
//End

// Show Companys key
$show_secKey = $result['company_secKey'];
echo "<form method='post' action=''>enter key here: <input name='secKey' type='text'> <input type='submit' value='Submit'></form>";
$checksecKey = $_POST['secKey'];
if($checksecKey == $show_secKey) {
    // Keep the result of each UPDATE so the redirect only happens when both succeed
    $updated_ip = mysql_query("UPDATE allowed_ips SET ip_address = '$ip' WHERE host_noip = '$host_noip'");
    $updated_host = mysql_query("UPDATE allowed_ips SET ip_host = '$ip_host' WHERE host_noip = '$host_noip'");
    $result = $updated_ip && $updated_host;
    if($result) {
        echo "<meta HTTP-EQUIV='REFRESH' content='0; url=index.php'>";
    }
} else {
    echo 'Error Wrong Key';
}
?>
```

I've tried to apply the PDO myself but can't seem to get it to work! Thanks in advance.