Question from the Cybersec for techs : reinforce your basics test

How to prevent SQL injection in PHP?

Easy

Question: Identify which code snippet has an SQL injection vulnerability:

Code A:

<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');

$id = $_GET['id'];

$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>

Code B:

<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');

$id = $_GET['id'];

$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>

Author: Lucas JAHIER
Status: Published
Question passed 3 times
Community Evaluations
Dragon parfait
08/11/2024
I think it's good that we have a PDO question. Maybe we can add other similar ones with other languages.