Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 403:\n $query .= ' ORDER BY `' . esc_sql( $this->sort_by ) . '`'\n$query assigned unsafely at line 395:\n $query = $select . $status_where . $search_where\n$select assigned unsafely at line 359:\n $select = 'SELECT * '\n$select assigned unsafely at line 357:\n $select = 'SELECT COUNT(*) '\n$status_where assigned unsafely at line 364:\n $status_where = ''
Unescaped parameter $query used in $wpdb->get_var($query)\n$query assigned unsafely at line 395:\n $query = $select . $status_where . $search_where\n$select assigned unsafely at line 359:\n $select = 'SELECT * '\n$select assigned unsafely at line 357:\n $select = 'SELECT COUNT(*) '\n$status_where assigned unsafely at line 364:\n $status_where = ''
Unescaped parameter $tableName used in $wpdb->get_results($wpdb->prepare( "SHOW COLUMNS FROM `$tableName` LIKE %s", 'host' ))\n$tableName assigned unsafely at line 118:\n $tableName = $this->getTablename('mails')
Unescaped parameter $tableName used in $wpdb->query($wpdb->prepare("DELETE FROM `$tableName` WHERE DATEDIFF( NOW(), `timestamp` ) >= %d", $days))\n$tableName assigned unsafely at line 122:\n $tableName = WPML_Plugin::getTablename( 'mails' )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $tableName used in $wpdb->query("ALTER TABLE `$tableName` ADD COLUMN `error` VARCHAR(400) NULL DEFAULT '' AFTER `attachments`;")\n$tableName assigned unsafely at line 118:\n $tableName = $this->getTablename('mails')