Even if the table isn't dropped, it's still an injection bug since the code did not behave as desired (i.e. did not use  42', 'Batman'); drop table customers; -- as the id).