OWASP top 10, 2017 - A1 Injection

OWASP

Scenario

<?php
// your code (DELIBERATELY VULNERABLE - shown for illustration, do not copy):
// $_GET['id'] is concatenated straight into the SQL text, so whatever the client
// sends is parsed as SQL rather than treated as data. A single quote in the value
// terminates the string literal and everything after it becomes SQL syntax.
$sql = "SELECT * FROM `Accounts` WHERE `customer_id` = '" . $_GET['id'] ."'" ;
$result = sql_exec($sql);

// attacker accesses your site with the request below
// (sent URL-encoded by the client; PHP decodes it before it lands in $_GET):
http://example.com/app/accountView?id=' or '1'='1

// your server will exec the statement below: the "or '1'='1'" condition is always true,
// so the query matches every row in Accounts instead of the one customer's record:
SELECT * FROM `Accounts` WHERE `customer_id` = '' or '1'='1'

Prevention

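// Query Parameterization: the value is sent to the database separately from the
// SQL text, so quotes or keywords inside it can never change the statement.
// Assumes $dbh is a PDO connection; create it with
// [PDO::ATTR_EMULATE_PREPARES => false] so the driver itself performs the binding.

// customer_id is an integer, so validate the type before it reaches the database.
// filter_input() returns null when ?id= is absent and false when it is not an integer.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid account id');
}

$sql = "SELECT * FROM `Accounts` WHERE `customer_id` = :int_id";
$statement = $dbh->prepare($sql);
// Bind by value with an explicit type; the placeholder name must match the SQL (":int_id").
$statement->bindValue(':int_id', $id, PDO::PARAM_INT);
$statement->execute();
$result = $statement->fetchAll(PDO::FETCH_ASSOC);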