# TaintedSql Emitted when user-controlled input can be passed into a SQL command. ```php exec("delete from users where user_id = " . $userId); } public static function getUserId() : string { return (string) $_GET["user_id"]; } } ```