I would do as Marcio Simao proposed and use PDO, but if in your case it is complex to change all the code from mysqli to PDO, here is an alternative:
<?php
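/**
 * Minimal mysqli wrapper.
 *
 * getConnection() must be called once before any query is run. The
 * connection details are hard-coded here exactly as in the original
 * snippet; in real code they belong in configuration, not in source.
 */
class DB
{
    /** @var mysqli|null live connection, null until getConnection() ran */
    private $conn = null;

    /**
     * Opens the connection to the local "mvc" database and keeps it in $this->conn.
     *
     * @return mysqli the opened connection (returned as well as stored, so callers
     *                that ignore the return value keep working)
     * @throws RuntimeException if the server refused the connection
     */
    public function getConnection(): mysqli
    {
        $this->conn = new mysqli("localhost", "root", "", "mvc");
        // Older PHP versions do not throw on a failed connect; they set connect_error
        // and every later query fails with a warning. Fail loudly and early instead.
        if ($this->conn->connect_error) {
            throw new RuntimeException('Database connection failed: ' . $this->conn->connect_error);
        }
        return $this->conn;
    }

    /**
     * Runs a SELECT and returns its result set.
     *
     * Pass user-supplied values through $params instead of concatenating them
     * into $SQL: the statement is then prepared and the values are bound, so
     * they can never change the meaning of the query. Calling with $SQL alone
     * behaves exactly like the original one-argument version.
     *
     * @param string $SQL    query text; use "?" placeholders when $params is given
     * @param array  $params values bound, in order, to the "?" placeholders
     * @return mysqli_result|false the result set, or false on failure (as mysqli::query)
     * @throws LogicException if called before getConnection()
     */
    public function execReader(string $SQL, array $params = [])
    {
        if ($this->conn === null) {
            throw new LogicException('getConnection() must be called before execReader()');
        }
        if ($params === []) {
            return $this->conn->query($SQL);
        }
        $stmt = $this->conn->prepare($SQL);
        if ($stmt === false) {
            return false;
        }
        // Bind every value as a string: MySQL converts it to the column type on
        // the server, and a bound value can never be parsed as SQL.
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
        if (!$stmt->execute()) {
            $stmt->close();
            return false;
        }
        $result = $stmt->get_result();
        $stmt->close();
        return $result;
    }
}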
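// Validate rather than "sanitise": FILTER_VALIDATE_INT yields a real integer, or
// false (not an integer) / null (missing), so anything non-numeric stops here.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    header('Location: 404.php');
    exit();
}
// $id is now a genuine int, and an int interpolated into SQL cannot alter the
// statement. addslashes() is not an SQL escaping function and protected nothing
// here: a value such as "1 OR 1=1" contains no quotes for it to escape.
$SQL = "SELECT * FROM produtos WHERE id = " . (int) $id;
$DB = new DB();
$DB->getConnection();
$query = $DB->execReader($SQL);
// mysqli::query() returns false on failure, so compare strictly instead of the
// loose "== 0" (which compares an object with an int). A query that succeeds
// but matches no row is also "not found" and gets the same redirect.
if ($query === false || $query->num_rows === 0) {
    header('Location: 404.php');
    exit();
}
$vo = new ProdutoVO();
// fetch_assoc() is the same as fetch_array(MYSQLI_ASSOC); the loop keeps the
// original behaviour of leaving the last fetched row in $vo.
while ($reg = $query->fetch_assoc()) {
    $vo->setId($reg["id"]);
    $vo->setNome($reg["nome"]);
    $vo->setMarca($reg["marca"]);
    $vo->setPreco($reg["preco"]);
}
$query->free();
var_dump($vo);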
?>