Use $id = (int)$_GET['id']; to force the variable to be an integer.
A WAF can detect and block malicious requests containing SQL injection payloads.
Whether you are using a like Laravel, WordPress, or custom core PHP?