Source: catalog (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
<?php // LOW: sort column concatenated into ORDER BY -> ORDER-BY SQL injection (different context: no quotes)
// Deliberately vulnerable lab path: the request parameter reaches the SQL text unchanged.
// The value sits in identifier position after ORDER BY, not inside a quoted string, so
// string escaping does not constrain it and a bound parameter cannot stand in for a
// column name. The usual fix is to map the request value onto a fixed allowlist of
// column names and fall back to 'id' for anything else.
$sort = $_GET['sort'] ?? 'id';
$q = 'SELECT id,name,price FROM products ORDER BY ' . $sort;

// '@' silences the PHP warning on a failed query; the failure is still recorded below.
$res = @mysqli_query(db(), $q);
$rows = [];
$rows_error = null;

if (!$res) {
    // Raw driver error text. NOTE(review): if the page renders $rows_error to the client,
    // it discloses database error details -- confirm how it is displayed.
    $rows_error = mysqli_error(db());
} else {
    // Collect every result row as an associative array.
    while ($r = mysqli_fetch_assoc($res)) {
        $rows[] = $r;
    }
}