Uncaught PDOException

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'or 1=1 /**//**/uNiOn/**/AlL /**//**/sElEcT 0x393631353738343330312e39,0x39363135' at line 1

(File: /home/users/hanacerna/mithrill.cz/web/core/classes/DB.php)

https://mithrill.cz/index.php?route=/gallery/category/&p=2

File: /home/users/hanacerna/mithrill.cz/web/core/classes/DB.php

                                                        
    /**
     * Returns the shared DB object, constructing it on the first call.
     *
     * Later calls hand back the same cached instance, so every module that
     * goes through DB::getInstance() shares one wrapper for the request.
     *
     * @return DB the cached instance
     */
    public static function getInstance() {
        if (isset(self::$_instance)) {
            return self::$_instance;
        }

        // First use: build the wrapper and remember it for subsequent callers.
        self::$_instance = new DB();

        return self::$_instance;
    }

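    /**
     * Prepares and executes $sql with positional parameters, recording the outcome on this object.
     *
     * $sql is handed to PDO::prepare() verbatim, so every caller-supplied value must travel
     * through $params as a `?` placeholder; the statement text itself must never be assembled
     * from request data.
     *
     * @param string $sql          statement text with `?` placeholders
     * @param array  $params       values bound 1-based, in order, to the placeholders
     * @param int    $fetch_method PDO::FETCH_* constant passed to fetchAll()
     * @return $this  _results and _count are filled on success; _error is true on any failure
     */
    public function query($sql, $params = array(), $fetch_method = PDO::FETCH_OBJ) {
        $this->_error = false;
        $this->_query = $this->_pdo->prepare($sql);

        if (!$this->_query) {
            // prepare() returned false (PDO not in exception mode). Previously this path left
            // _error false and _results/_count stale from an earlier query; flag it explicitly.
            $this->_error = true;
            return $this;
        }

        // bindValue() positions are 1-based; iterating an empty $params is simply a no-op.
        $position = 1;
        foreach ($params as $param) {
            $this->_query->bindValue($position, $param);
            $position++;
        }

        if ($this->_query->execute()) {
            $this->_results = $this->_query->fetchAll($fetch_method);
            $this->_count = $this->_query->rowCount();
        } else {
            // Driver error details belong in the server log, not in the HTTP response, where
            // they disclose statement structure to whoever caused the failure. The statement
            // handle (not the connection) carries the error for a failed execute().
            error_log('DB::query failed: ' . print_r($this->_query->errorInfo(), true));
            $this->_error = true;
        }

        return $this;
    }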

    public function createQuery($sql, $params = array()) {
        $this->_error = false;
        if($this->_query = $this->_pdo->prepare($sql)) {
            $x = 1;
            if(count($params)) {
                foreach($params as $param) {
                    $this->_query->bindValue($x, $param);
                    $x++;

                                                    
File: /home/users/hanacerna/mithrill.cz/web/core/classes/Queries.php

                                                            /**
     * Binds this query helper to the shared DB instance.
     *
     * All finder/mutator methods below delegate to $this->_db.
     */
    public function __construct() {
        $db = DB::getInstance();
        $this->_db = $db;
    }

    /**
     * Returns the rows of $table matching $where.
     *
     * @param string $table table name passed straight to DB::get()
     * @param array  $where condition tuple as DB::get() expects it; the gallery pages
     *                      pass e.g. array('id', '=', 1)
     * @return mixed whatever results() yields for that query
     */
    public function getWhere($table, $where) {
        return $this->_db->get($table, $where)->results();
    }

    /**
     * Returns the rows of $table, optionally narrowed by $where.
     *
     * Identical to getWhere() except that $where defaults to an empty condition,
     * which DB::get() presumably treats as "no filter" — confirm in DB.php.
     *
     * @param string $table table name passed straight to DB::get()
     * @param array  $where condition tuple as DB::get() expects it, or empty
     * @return mixed whatever results() yields for that query
     */
    public function getAll($table, $where = array()) {
        return $this->_db->get($table, $where)->results();
    }

    /**
     * Returns every row of $table ordered by $order.
     *
     * @param string      $table table name passed straight to DB::orderAll()
     * @param string      $order column to order by
     * @param string|null $sort  sort direction as DB::orderAll() expects it (the gallery
     *                           page passes 'ASC' / 'DESC'); null leaves it to the DB layer
     * @return mixed whatever results() yields for that query
     */
    public function orderAll($table, $order, $sort = null) {
        return $this->_db->orderAll($table, $order, $sort)->results();
    }

    /**
     * Returns the rows of $table matching $where, ordered by $order.
     *
     * NOTE(review): the one visible caller (modules/Gallery/pages/img_category.php) passes
     * $where as a raw SQL fragment with a variable concatenated into it. If DB::orderWhere()
     * splices $where into the statement text verbatim, that fragment may only ever be built
     * from trusted literals, never from request data — confirm in DB.php and at each caller.
     *
     * @param string      $table table name passed straight to DB::orderWhere()
     * @param mixed       $where condition as DB::orderWhere() expects it
     * @param string      $order column to order by
     * @param string|null $sort  sort direction; null leaves it to the DB layer
     * @return mixed whatever results() yields for that query
     */
    public function orderWhere($table, $where, $order, $sort = null) {
        return $this->_db->orderWhere($table, $where, $order, $sort)->results();
    }

    /**
     * Returns the rows of $table where $where matches the pattern $like.
     *
     * @param string $table table name passed straight to DB::like()
     * @param mixed  $where column / condition as DB::like() expects it
     * @param mixed  $like  pattern as DB::like() expects it
     * @return mixed whatever results() yields for that query
     */
    public function getLike($table, $where, $like){
        return $this->_db->like($table, $where, $like)->results();
    }

    /**
     * Updates the row $id of $table with $fields.
     *
     * @param string $table  table name passed straight to DB::update()
     * @param mixed  $id     row identifier as DB::update() expects it
     * @param array  $fields column => value pairs to write
     * @return void
     * @throws Exception when DB::update() reports failure (falsy return)
     */
    public function update($table, $id, $fields = array()) {
        $ok = $this->_db->update($table, $id, $fields);
        if ($ok) {
            return;
        }

        throw new Exception('There was a problem performing that action.');
    }

    /**
     * Inserts a new row into $table built from $fields.
     *
     * @param string $table  table name passed straight to DB::insert()
     * @param array  $fields column => value pairs to insert
     * @return void
     * @throws Exception when DB::insert() reports failure (falsy return)
     */
    public function create($table, $fields = array()) {
        $ok = $this->_db->insert($table, $fields);
        if ($ok) {
            return;
        }

        throw new Exception('There was a problem performing that action.');
    }


                                                    
File: /home/users/hanacerna/mithrill.cz/web/modules/Gallery/pages/img_category.php

                                                        // Gallery settings: a single row (id = 1) is expected. There is no guard for an empty
// result, so a missing settings row surfaces here as an undefined-offset notice followed
// by a property read on null.
$settings_data = $queries->getWhere('gallery_settings', array('id', '=', 1));
$settings = $settings_data[0];
// Page size consumed by the Paginator call further down this file.
$page_var = $settings->pagination;

// Carousel settings: likewise one row with id = 1, same empty-result caveat as above.
$carousel_settings_data = $queries->getWhere('gallery_carousel_settings', array('id', '=', 1));
$carousel_settings = $carousel_settings_data[0];

if ((int) $carousel_settings->enable === 1) {

	if ((int) $carousel_settings->sort === 1) {
		$car_sort = 'ASC';
	} else {
		$car_sort = 'DESC';
	}

	$carousel_list_array = array();

	$carousel_list = $queries->orderWhere('gallery_img', 'carousel = 1  AND category_id = ' . $id, 'id', $car_sort);

	$carousel_pagination = 1;

	if ($carousel_pagination === 1) {

		$paginator = new Paginator((isset($template_pagination) ? $template_pagination : array()));
		$carousel_list = $paginator->getLimited($carousel_list, $page_var, $p, count($carousel_list));
		$carousel_list = $carousel_list->data;
	}


	if (count($carousel_list)) {
		foreach ($carousel_list as $carousel) {
			$carousel_list_array[] = array(
				'id' => Output::getClean($carousel->id),
				'src' => Output::getClean($carousel->src),
				'alt' => Output::getClean($carousel->alt),
				'carousel_head' => Output::getClean($carousel->carousel_head),
				'carousel_title' => Output::getClean($carousel->carousel_title),
				'carousel_head_class' => Output::getClean($carousel->carousel_head_class),

                                                    
File: /home/users/hanacerna/mithrill.cz/web/index.php

                                                                // Homepage
        $pages->setActivePage($pages->getPageByURL('/'));
        require(ROOT_PATH . '/modules/Core/pages/index.php');
    }

} else {
    $route = rtrim(strtok($_GET['route'], '?'), '/');

    // Check modules
    $modules = $pages->returnPages();

    // Include the page
    if (array_key_exists($route, $modules)) {
        $pages->setActivePage($modules[$route]);
        if (!isset($modules[$route]['custom'])) {
            $path = join(DIRECTORY_SEPARATOR, array(ROOT_PATH, 'modules', $modules[$route]['module'], $modules[$route]['file']));

            if (!file_exists($path)) {
                require(ROOT_PATH . '/404.php');
            } else { 
                require($path);
            }
            
            die();
        } else {
            require(join(DIRECTORY_SEPARATOR, array(ROOT_PATH, 'modules', 'Core', 'pages', 'custom.php')));
            die();
        }
    } else {
        // Use recursion to check - might have URL parameters in path
        $path_array = explode('/', $route);

        for ($i = count($path_array) - 2; $i > 0; $i--) {

            $new_path = '/';
            for($n = 1; $n <= $i; $n++){
                $new_path .= $path_array[$n] . '/';
            }

            $new_path = rtrim($new_path, '/');