Source: search (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
<?php // LOW: term concatenated into a LIKE (string SQLi) AND reflected verbatim (reflected XSS)
$term = isset($_GET['q']) ? $_GET['q'] : '';
$reflected = "You searched for: <b>$term</b>";
$rows = array(); $rows_error = null;
if ($term !== '') {
$q = "SELECT id,name,price FROM products WHERE name LIKE '%$term%'";
$res = @mysqli_query(db(), $q);
if ($res) { while ($r = mysqli_fetch_assoc($res)) $rows[] = $r; } else $rows_error = mysqli_error(db());
}