Source: product (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
<?php
// LOW: raw numeric concatenation -> classic SQL injection (UNION / boolean / error / time), read-only.
$q = "SELECT id, name, price, description FROM products WHERE id = " . $_GET['id'];
$res = @mysqli_query(db(), $q);
$rows = array();
$rows_error = null; // initialised so the template can read it whether or not the query failed
if ($res) { while ($r = mysqli_fetch_assoc($res)) { $rows[] = $r; } }
else { $rows_error = mysqli_error(db()); } // errors surfaced -> error-based technique works too
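For comparison, an added example (not the lab's own "high" level code) of the same product lookup with the id validated and bound as an integer parameter instead of concatenated into the query. It assumes db() returns a connected mysqli instance, as in the snippet above, and that mysqlnd is available for get_result().

```php
<?php
// Added example: hardened counterpart of the LOW code path.
// Assumes db() returns a connected mysqli object (hypothetical helper from the lab).
function fetch_product_safe(mysqli $db, $raw_id) {
    // Validate the shape first: the id must be a plain non-negative integer string.
    // Arrays (id[]=1) and strings such as "1 OR 1=1" or "1 UNION SELECT ..." are rejected here.
    if (!is_string($raw_id) || !preg_match('/^\d{1,9}$/', $raw_id)) {
        return array('rows' => array(), 'error' => 'invalid product id');
    }
    $id = (int) $raw_id;

    // Prepared statement: the SQL text is fixed at prepare time; the value is sent
    // separately and cannot alter the statement's structure.
    $stmt = $db->prepare('SELECT id, name, price, description FROM products WHERE id = ?');
    if ($stmt === false) {
        // Log driver errors server-side only. Echoing mysqli_error() to the client is
        // what made the error-based technique work against the LOW code.
        error_log('prepare failed: ' . $db->error);
        return array('rows' => array(), 'error' => 'lookup failed');
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        error_log('execute failed: ' . $stmt->error);
        $stmt->close();
        return array('rows' => array(), 'error' => 'lookup failed');
    }
    $res = $stmt->get_result();                        // requires mysqlnd
    $rows = $res ? $res->fetch_all(MYSQLI_ASSOC) : array();
    $stmt->close();
    return array('rows' => $rows, 'error' => null);
}

// Same variables the LOW path populates, so the surrounding template keeps working.
$out = fetch_product_safe(db(), isset($_GET['id']) ? $_GET['id'] : '');
$rows = $out['rows'];
$rows_error = $out['error'];
```

With this version a request such as id=1' produces a generic "invalid product id" result and a server-side log line, so none of the UNION, boolean, error or time-based variants listed in the LOW comment have anything to act on.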