If you are a developer looking to fix this pattern and build a "better" shop, follow these security best practices:

Use Prepared Statements: This is the single most effective way to prevent SQLi. Instead of inserting variables directly into a query string, use placeholders, so the database receives the user-supplied value as data rather than as part of the SQL text.

```php
// Better way: PDO prepared statement
// The value is bound to the ? placeholder; it is never spliced into the query string.
$stmt = $pdo->prepare('SELECT * FROM shop WHERE id = ?');
$stmt->execute([$_GET['id']]); // 'id' is the request parameter matching the WHERE id = ? clause above
$product = $stmt->fetch();
```

Sanitize and Validate Input: Always ensure the
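The following is an added example, not code from the original page: it puts the string-concatenated lookup next to the prepared-statement version, and adds the integer validation step the page's second best practice calls for. It runs against an in-memory SQLite database built inline; the table and column names (shop, id, name, price) and the helper function names are assumptions chosen to match the page's query.

```php
<?php
// Added example (not from the original page). Assumed schema: shop(id, name, price).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Let the driver bind parameters itself instead of PHP emulating the prepare client-side.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data so the script runs offline.
$pdo->exec('CREATE TABLE shop (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$pdo->exec("INSERT INTO shop (id, name, price) VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99)");

// Vulnerable form: the raw request value is concatenated into the SQL string,
// so whatever the client sends becomes part of the query's logic.
function fetchProductUnsafe(PDO $pdo, string $rawId): array
{
    return $pdo->query("SELECT * FROM shop WHERE id = $rawId")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the input first, then bind it through a placeholder.
function fetchProduct(PDO $pdo, string $rawId): ?array
{
    // A product id must be a positive integer; anything else is rejected before
    // it reaches the database at all.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM shop WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT); // bound as an integer parameter, not spliced as text
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
$normalId  = '1';
$hostileId = '1 OR 1=1';

echo "unsafe, hostile input: ", count(fetchProductUnsafe($pdo, $hostileId)), " row(s)\n";
echo "safe, normal input: ", json_encode(fetchProduct($pdo, $normalId)), "\n";
echo "safe, hostile input: ", json_encode(fetchProduct($pdo, $hostileId)), "\n";
```

With the concatenated query, the tautology in the hostile input widens the WHERE clause and every row in the table comes back. With the hardened version, the same string fails integer validation and never reaches SQL; even if validation were skipped, the placeholder would bind it as a single literal value that matches no id. Both layers are worth keeping: validation gives an early, loggable rejection, and the prepared statement removes the injection path regardless.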
id=1 is a URL query parameter commonly used to pass a product or category identifier. The "id" stands for "identifier," and the number (1) is typically the first product in the database. When you see id=1, it usually means the site is fetching the product with that specific ID from its database.