in reply to Hacker Proofing My Script
Looks pretty good to me. You're running in taint mode, using SQL parameters, and you aren't printing out any user-controlled data in your HTML (which would make you vulnerable to cross-site scripting attacks).
Perhaps a user could fill up your database by sending many requests like this, if that's a concern.