🛒 sekumartdeals so good it should be illegal
USD EUR GBP 🏴 0/6 🛒 cart (0) login
security level: low medium high impossible

Source: product (security level: low)

Flip the security level in the header to compare the vulnerable and fixed code paths.

<?php
// LOW: raw numeric concatenation -> classic SQL injection (UNION / boolean / error / time), read-only.
$q "SELECT id, name, price, description FROM products WHERE id = " $_GET['id'];
$res = @mysqli_query(db(), $q);
$rows = array();
if (
$res) { while ($r mysqli_fetch_assoc($res)) { $rows[] = $r; } }
else { 
$rows_error mysqli_error(db()); }   // errors surfaced -> error-based technique works too