An attacker or penetration tester might append a single quote (') to the id value to see if the page returns a database error, indicating a potential vulnerability.

Ethical and Legal Note
$id = (int)$_GET['id']; // Forces the input to be an integer value

Configure Robust Web Application Firewalls (WAF)
The id parameter is the "smoking gun" in this search.
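
The following is an added example, not code from the original page: it puts a query that concatenates the id value next to a hardened version that validates the value as an integer and binds it as a parameter. It assumes the pdo_sqlite extension and uses a constructed in-memory table named articles; the function names are hypothetical.

```php
<?php
// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'Welcome'), (2, 'About')");

// "Before": the raw id value becomes part of the SQL text.
function fetch_vulnerable(PDO $pdo, string $rawId): string
{
    try {
        $sql = "SELECT title FROM articles WHERE id = " . $rawId;
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['title'] : 'not found';
    } catch (PDOException $e) {
        // A stray quote breaks the statement. Echoing this message to the
        // page is the database error the text describes.
        return 'database error: ' . $e->getMessage();
    }
}

// Hardened: strict integer validation, then a bound parameter.
// A plain (int) cast also keeps the value numeric, but it silently turns
// "2abc" into 2; FILTER_VALIDATE_INT rejects such input instead.
function fetch_hardened(PDO $pdo, string $rawId): string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid id'; // generic response, no database detail exposed
    }
    $stmt = $pdo->prepare("SELECT title FROM articles WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['title'] : 'not found';
}

// Constructed sample inputs: a normal id, an id with a trailing quote,
// and a leading-numeric string.
foreach (['1', "1'", '2abc'] as $input) {
    printf("%-5s vulnerable: %s\n      hardened:   %s\n", $input,
        fetch_vulnerable($pdo, $input), fetch_hardened($pdo, $input));
}
```

In production the caught exception would be logged server-side and the page would return the same generic response for every failure, so the response does not reveal whether the input reached the database.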