So it works when you directly put the integer in but not when you're using the variable? Try:
$sql = "SELECT * FROM thetable WHERE id = '$id'";
$_GET is always passed as a string, so we need to make sure that we are in fact still holding the value of $id and it is indeed an integer.
EDIT:
Make sure $id = (int) $_GET['id']; and then add this code into your file to check if it is or isn't an int.
if (is_int($id)) {
    echo 'is int';
} else {
    echo 'not int';
}
If that still doesn't resolve any issues, can you try setting $id = 1 and running the script? I really can't see what else could be the problem.
Just read this....it's working now?
As with sanitizing the input, making id an integer should be enough in this case; however, more would be required if you were passing through a string.
$string = preg_replace('/[^-a-zA-Z0-9_]/', '', $_GET['string']);
This will take anything and make sure that it only contains letters, numbers, underscores or dashes.
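
Added example, not part of the original answer: it compares the (int) cast with strict validation through filter_var(), then runs the lookup as a prepared statement so the id never becomes part of the SQL text. Assumptions: PDO with an in-memory SQLite database (pdo_sqlite enabled) stands in for the real database, the rows and the sample inputs are constructed, and parse_id() and find_row() are hypothetical helper names.

```php
<?php
// Added example. "thetable" is the table name from the post; the rows are constructed.

// Strictly validate an id taken from the query string.
// Returns the integer, or null when the input is not a clean positive integer.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look the row up with a bound parameter instead of interpolating $id into the query.
function find_row(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM thetable WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumption: in-memory SQLite so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE thetable (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO thetable (id, name) VALUES (1, 'first'), (2, 'second')");

// Constructed stand-ins for $_GET['id'], including a missing parameter (null).
$samples = ['2', '2 OR 1=1', 'abc', '', null];

foreach ($samples as $raw) {
    // The cast never fails: non-numeric input becomes 0 and trailing text is
    // dropped, so is_int() on the cast value cannot tell good input from bad.
    $cast = (int) $raw;

    // Strict validation rejects anything that is not exactly an integer.
    $id = parse_id($raw);

    printf(
        "raw=%s cast=%d is_int(cast)=%s validated=%s row=%s\n",
        var_export($raw, true),
        $cast,
        var_export(is_int($cast), true),
        var_export($id, true),
        $id === null ? 'rejected' : json_encode(find_row($db, $id))
    );
}
```

The same bound-parameter pattern covers string values, where the character whitelist above would otherwise be the only thing standing between the input and the query.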