Hi! I work as PHP/MySQL developer and have 11 years experience. I worked in house for a yacht charter company for most of this time and we recently eliminated sql injection vulnerabilities and fixed some other security issues too. I would not claim to be a security expert, but, if you'd be able to give me your website address, I could take a look around and see what I can find and then tell you the extent of the problems before you accept my bid. If you choose to accept, I'd then send you my report with details and proposals on how to solve any issues I have found. I would also happily take a quick look at the code base too within that budget, but if it's a huge framework I would be limited in how much checking I could do.
Thanks