<?php
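// Build the card lookup query for the user id supplied in the query string.
//
// The (int) cast is what keeps this interpolated query safe: PHP keeps only
// the leading integer of the value, so "42' or ''='" becomes 42 and a value
// with no leading digits becomes 0. Note that the cast coerces rather than
// validates; malformed input is silently mapped to some integer, not rejected.
//
// A missing uid parameter falls back to 0 instead of raising an
// "undefined index/array key" notice.
$uid = isset($_GET['uid']) ? (int) $_GET['uid'] : 0;

// Interpolation is acceptable here only because $uid is guaranteed to be an
// integer at this point. If the cast is ever removed, or a string column is
// added to the WHERE clause, this becomes injectable; a prepared statement
// with a bound parameter is the more robust default.
//
// NOTE(review): uid comes straight from the request and nothing in this
// snippet checks that the caller may read that user's cards. Confirm that an
// authorization check exists elsewhere.
$sql = "
SELECT card_num, card_name, card_expiry
FROM credit_cards
WHERE uid = '{$uid}'
";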
?>
http://example.com/script.php?uid=42
SELECT card_num, card_name, card_expiry
FROM credit_cards
WHERE uid = '42'
:-)
http://example.com/script.php?uid=42'%20or%20''='
SELECT card_num, card_name, card_expiry
FROM credit_cards
WHERE uid = '42'