Unescaped parameter $prepared used in $wpdb->get_results($prepared)
$prepared assigned unsafely at line 185:
    $prepared = $wpdb->prepare( $sql, $idProv )
$sql assigned unsafely at line 175:
    $sql = "
        SELECT dist.idDist, dist.distrito
        FROM {$table_costo_ubigeo} AS ucu
        INNER JOIN {$table_ubigeo_distrito} AS dist ON dist.idDist = ucu.idDist
        WHERE ucu.idProv = %d
        GROUP BY dist.idDist, dist.distrito
        ORDER BY dist.distrito ASC
    "
$table_costo_ubigeo assigned unsafely at line 162:
    $table_costo_ubigeo = $wpdb->prefix . 'ubigeo_costo_ubigeo'
$table_ubigeo_distrito assigned unsafely at line 163:
    $table_ubigeo_distrito = $wpdb->prefix . 'ubigeo_distrito'
$tipo_info assigned unsafely at line 166:
    $tipo_info = get_tipo_costo_ubigeo_by_idProv( $idProv )

Unescaped parameter $request used in $wpdb->get_results($request)
$request assigned unsafely at line 138:
    $request = $wpdb->prepare("SELECT * FROM $table_name where idProv = %d order by distrito asc",sanitize_text_field($idProv))
Note: sanitize_text_field() is not a safe escaping function.
$table_name assigned unsafely at line 137:
    $table_name = $wpdb->prefix . "ubigeo_distrito"
$idProv used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $request used in $wpdb->get_results($request)
$request assigned unsafely at line 147:
    $request = $wpdb->prepare("SELECT * FROM $table_name where idProv =%d and idDepa =%d", sanitize_text_field($idProv), sanitize_text_field($idDepa))
Note: sanitize_text_field() is not a safe escaping function.
$table_name assigned unsafely at line 146:
    $table_name = $wpdb->prefix . "ubigeo_provincia"
$idProv used without escaping.
$idDepa used without escaping.

Unescaped parameter $request used in $wpdb->get_results($request)
$request assigned unsafely at line 318:
    $request = $wpdb->prepare("SELECT * FROM $table_name")
$table_name assigned unsafely at line 317:
    $table_name = $wpdb->prefix . "ubigeo_departamento"

Unescaped parameter $request used in $wpdb->get_results($request)
$request assigned unsafely at line 327:
    $request = $wpdb->prepare("SELECT * FROM $table_name where idDepa =%d",$idDepa)
$table_name assigned unsafely at line 326:
    $table_name = $wpdb->prefix . "ubigeo_provincia"
$idDepa used without escaping.