You are bypassing the GetSQLValueString() function and referencing a posted form value directly. That is the vulnerability. Any time you directly reference a value that is submitted in a form or passed through a URL without scrubbing it, there is a potential exploit.
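To show concretely what goes wrong when a posted value is spliced straight into the query, here is an added example that is not part of the reply above or of the Dreamweaver code it refers to. It is written in Python against an in-memory SQLite table (a constructed stand-in for the application's users table) rather than the PHP the thread is about, and it fixes the query with bound parameters rather than the escaping wrapper the reply mentions; the table, column names and login payload are assumptions for illustration only.

```python
import sqlite3

# Constructed sample data: a stand-in for the users table the login form queries.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    # Vulnerable: the posted values become part of the SQL text itself,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    # Hardened: the SQL text is fixed; the values are bound as parameters and can
    # never be interpreted as syntax, whatever characters they contain.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Classic login-bypass payload for the username field (assumed attacker input):
# the quote closes the literal, OR 1=1 matches every row, and -- comments out
# the password check that follows.
PAYLOAD = "' OR 1=1 --"


def demo():
    conn = make_db()
    return {
        "unsafe_legit": login_unsafe(conn, "alice", "s3cret"),
        "unsafe_injected": login_unsafe(conn, PAYLOAD, "anything"),
        "safe_legit": login_safe(conn, "alice", "s3cret"),
        "safe_injected": login_safe(conn, PAYLOAD, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-16s -> %r" % (name, rows))
```

Run as-is: the unsafe query returns every user for the injected input, while the parameterised query returns no rows because the payload is compared literally as a username. Escaping the value before concatenation (what a helper like GetSQLValueString() is for) closes the same hole only if it is applied to every value on every path; binding parameters removes the concatenation altogether.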