Source: track (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
<?php // LOW: order code concatenated raw -> blind (boolean/time) SQL injection. Only status/existence
// leaks to the page, which is exactly the blind scenario.
$o = isset($_GET['order']) ? $_GET['order'] : '';
$status=null; $found=false; $track_error=null;
if($o!==''){
$q="SELECT status FROM orders WHERE code='$o'";
$res=@mysqli_query(db(),$q);
if($res){ if($row=mysqli_fetch_assoc($res)){ $found=true; $status=$row['status']; } } else $track_error=mysqli_error(db());
}