Source: category (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
<?php // LOW: raw numeric concatenation
$q = "SELECT id,name,price FROM products WHERE cat = " . $_GET['cat'] . " ORDER BY id";
$res = @mysqli_query(db(), $q); $rows = array();
if ($res) { while ($r = mysqli_fetch_assoc($res)) $rows[] = $r; } else $rows_error = mysqli_error(db());