Never pass URL parameters directly into database queries. Use PDO (PHP Data Objects) with prepared statements. This treats the user input strictly as data, not executable code.
In the early days of CMS (Content Management Systems), many custom-built sites used this exact naming convention for their database queries. Is it still dangerous? inurl php id 1 link
Target websites built using the PHP scripting language. Never pass URL parameters directly into database queries