¿Qué pudo haber pasado? ¿Será que me la hackearon?

$sql = "SELECT 
			d.company,
			c.member_id,
			c.id,
			c.year,
			c.model,
			c.type,
			c.typemodel,
			c.trans,
			c.color,
			c.engine,
			c.drive,
			c.stock,
			c.millage,
			c.price,
			c.certified,
			c.comments,
			c.mk_comment,
			c.special,
			c.stored,
			IF(d.phone='','',CONCAT(SUBSTRING(d.phone,1,3),'-',SUBSTRING(d.phone,4,3),'-',SUBSTRING(d.phone,7,4))) AS dealer_phone, 			d.zip,
			d.contact_name AS dealer_contact,
			st.state_code AS dealer_state,
			d.city,
			d.address AS dealer_address,
			d.website,
			d.finance AS dealer_finance,
			CONCAT(d.contact_name) AS dealer_name,
			IF(TO_DAYS(NOW())-TO_DAYS(c.stored)<=7,'yes','no') AS is_new_car,
			d.featured AS dealer_featured,
			IF(rsr.id IS NULL,'no',rsr.id) AS results_stat_id
		FROM ".$db_prefix."cars AS c
		INNER JOIN ".$db_prefix."dealers AS d ON d.id=c.member_id
		LEFT JOIN ".$db_prefix."states AS st ON st.id = d.state_id
		LEFT JOIN ".$db_prefix."results_stat_report AS rsr ON (rsr.stock=c.stock AND rsr.member_id=c.member_id AND rsr.year = '".$stats_year."' AND rsr.month = '".$stats_month."')
		WHERE  
	    d.status='Active' AND
		(c.model LIKE '$model%' OR '$model'='')
		AND (c.price >= '$min_price' OR '$min_price'='')
	    AND (c.price <= '$max_price' OR '$max_price'='')
		".$filterType."
		".$filterKeyword."
		AND (d.city LIKE '%$city%' OR '$city'='')".
		//AND (d.zip LIKE '%$zip%' OR '$zip'='')
		$zipstring."
		AND (c.year >= '$min_year' OR '$min_year'='')
	    AND (c.year <= '$max_year' OR '$max_year'='')
		AND (c.member_id='$dealer_id' OR '$dealer_id'='')";