Unescaped parameter $EM_Booking->fields used in $wpdb->get_results("SELECT b.".implode(', b.', array_keys($EM_Booking->fields))." FROM ".EM_BOOKINGS_TABLE." b, ".EM_EVENTS_TABLE." e WHERE e.event_id=b.event_id AND person_id={$this->ID} {$blog_condition} {$status_condition} ORDER BY ".em_get_option('dbem_bookings_default_orderby','event_start_date')." ".em_get_option('dbem_bookings_default_order','ASC'))
$EM_Booking->fields used without escaping.

Unescaped parameter $EM_Event->event_id used in $wpdb->get_var('SELECT event_id FROM '.EM_EVENTS_TABLE." WHERE event_id={$EM_Event->event_id}")
$EM_Event->event_id used without escaping.

Unescaped parameter $EM_Event->post_id used in $wpdb->get_results('SELECT meta_key,meta_value FROM ' . $wpdb->postmeta . ' WHERE post_id=' . $EM_Event->post_id)
$EM_Event->post_id used without escaping.

Unescaped parameter $EM_Event->post_id used in $wpdb->get_row('SELECT * FROM ' . $wpdb->posts . ' WHERE ID=' . $EM_Event->post_id)
$EM_Event->post_id used without escaping.

Unescaped parameter $EM_Location->location_id used in $wpdb->get_var('SELECT location_id FROM '.EM_LOCATIONS_TABLE." WHERE location_id={$EM_Location->location_id}")
$EM_Location->location_id used without escaping.

Affected Plugins
Plugins that have instances of this rule violation