What is Wrong Here?

What is Wrong Here? <?php $sql = " SELECT card_num, card_name, card_expiry FROM credit_cards WHERE uid = '{$_GET['uid']}' "; ?> http://example.com/script.php?uid=42 SELECT card_num, card_name, card_expiry FROM credit_cards WHERE uid = '42'

! http://example.com/script.php?uid=42'%20or%20''=' SELECT card_num, card_name, card_expiry FROM credit_cards WHERE uid = '42' or ''=''