Personally, what risk would I run if someone tried an injection in this example:
$valorGet = $_GET["valor"];
$sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";
My question is: can the guy delete (DELETE) or insert (INSERT) something in my database? Or just run another type of SELECT?
Is there a need to do anti-injection with PDO in this case to increase security?
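
Added example, not part of the original post: the query from the question run once with string concatenation and once as a PDO prepared statement, so the difference in how the value is treated can be seen. The in-memory SQLite database, the sample rows, the sample value and the `findByCaminho` helper are assumptions made for the demonstration; only the table name `tabela` and the column `caminho` come from the question.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database (assumption:
// the question does not say which database engine is in use).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tabela (id INTEGER PRIMARY KEY, caminho TEXT)");
$pdo->exec("INSERT INTO tabela (caminho) VALUES ('/home'), ('/admin'), ('/reports')");

// Stand-in for $_GET["valor"]: a constructed value that contains a quote.
$valorGet = "/home' OR '1'='1";

// Pattern from the question: the value becomes part of the SQL text, so the
// quote closes the string literal and the remainder is parsed as SQL.
$sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";
$concatenated = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);

// Hardened form (hypothetical helper): the SQL text is fixed and the value is
// sent separately as a bound parameter, so it can only ever be compared
// against the caminho column as a plain string.
function findByCaminho(PDO $pdo, string $valor): array
{
    $stmt = $pdo->prepare('SELECT * FROM tabela WHERE caminho = :caminho');
    $stmt->execute([':caminho' => $valor]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$bound = findByCaminho($pdo, $valorGet); // same value, now treated as data
$legit = findByCaminho($pdo, '/home');   // an ordinary lookup still works

printf("concatenated query rows: %d\n", count($concatenated));
printf("prepared statement rows (same value): %d\n", count($bound));
printf("prepared statement rows (/home): %d\n", count($legit));
```

Run it with the PHP CLI (the `pdo_sqlite` extension is required) and compare the three row counts.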