OLD:
$sql = "select list_id from campaign_list where campaign_id = $campaign_id";

NEW:
$sql = "select list_id from campaign_list where campaign_id = ?";

OLD:
$sth->execute();

NEW:
$sth->execute($campaign_id);