The parameter $_Get['id'] here is directly spliced into the sql statement after removing the null value. There is a sql injection point. We can exploit vulnerabilities using methods such as federated ...