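Unescaped parameter $ddp_logtable used in $wpdb->get_var("SELECT COUNT(*) FROM {$ddp_logtable};")
$ddp_logtable assigned unsafely at line 837:
 $ddp_logtable = $wpdb->prefix . 'ddp_log'
$insert_result assigned unsafely at line 839:
 $insert_result = $wpdb->insert( $ddp_logtable, array(
 'datime' => current_time( 'mysql' ),
 'note' => $text,
 ), array('%s', '%s') )
$text used without escaping.
Triage note: in the lines shown, $ddp_logtable is $wpdb->prefix plus a string literal, and $text reaches the database only through $wpdb->insert() with '%s' formats, which binds the value; no request-controlled input is shown reaching this query.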
Unescaped parameter $ddp_logtable used in $wpdb->query("DELETE FROM {$ddp_logtable} WHERE id NOT IN (
    SELECT id FROM (
        SELECT id FROM {$ddp_logtable} ORDER BY datime DESC LIMIT 500
    ) AS sub
)")
$ddp_logtable assigned unsafely at line 837:
 $ddp_logtable = $wpdb->prefix . 'ddp_log'
$insert_result assigned unsafely at line 839:
 $insert_result = $wpdb->insert( $ddp_logtable, array(
 'datime' => current_time( 'mysql' ),
 'note' => $text,
 ), array('%s', '%s') )
$text used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name_log used in $wpdb->query("TRUNCATE {$table_name_log};")
$table_name_log assigned unsafely at line 1191:
 $table_name_log = $wpdb->prefix . 'ddp_log'
Unescaped parameter $thisquery used in $wpdb->get_results($thisquery)
$thisquery assigned unsafely at line 417:
 $thisquery = "SELECT * FROM (
    SELECT t1.ID, t1.post_title, t1.post_type, t1.post_status, save_this_post_id
    FROM {$table_name} AS t1
    INNER JOIN (
        SELECT post_title, {$minmax} AS save_this_post_id
        FROM {$table_name}
        WHERE post_type IN ( {$ddp_pts} )
        AND post_status = 'publish'
        GROUP BY post_title
        HAVING COUNT(*) > 1
        ) AS t2 ON t1.post_title = t2.post_title
        WHERE t1.post_status = 'publish'
        ORDER BY t1.post_title, t1.post_date DESC
        ) AS derived_table
        WHERE ID != save_this_post_id
        {$resultsoutput}"
$table_name assigned unsafely at line 371:
 $table_name = $wpdb->prefix . 'posts'
$minmax assigned unsafely at line 393:
 $minmax = 'MIN(id)'
$ddp_pts assigned unsafely at line 383:
 $ddp_pts = rtrim( $ddp_pts, ',' )
$ddp_pts assigned unsafely at line 381:
 $ddp_pts = ''
$ddp_pts assigned unsafely at line 379:
 $ddp_pts = '"' . implode( '","', $ddp_pts_arr ) . '"'
$resultslimit assigned unsafely at line 372:
 $resultslimit = $options['ddp_resultslimit']
$options['ddp_resultslimit'] used without escaping.
$order assigned unsafely at line 390:
 $order = 'latest'
$order assigned unsafely at line 385:
 $order = $options['ddp_keep']
$ddp_pts_arr assigned unsafely at line 377:
 $ddp_pts_arr = $options['ddp_pts']
$options['ddp_keep'] assigned unsafely at line 389:
 $options['ddp_keep'] = 'latest'
$options['ddp_pts'] used without escaping.
Triage note: in the lines shown, $table_name and $minmax are built from $wpdb->prefix and string literals, so the values that need attention are the option-derived ones: $options['ddp_pts'], which is joined into the IN list with hand-added quotes and no escaping, and $options['ddp_resultslimit'], which presumably feeds {$resultsoutput}. Checking each post type against an allow-list, casting the limit to an integer, and binding the values through $wpdb->prepare() placeholders would address this finding.
Unescaped parameter $total_dupes_query used in $wpdb->get_var($total_dupes_query)
$total_dupes_query assigned unsafely at line 424:
 $total_dupes_query = "SELECT COUNT(*) FROM (
    SELECT t1.ID, t1.post_title, t1.post_type, t1.post_status, save_this_post_id
    FROM {$table_name} AS t1
    INNER JOIN (
        SELECT post_title, {$minmax} AS save_this_post_id
        FROM {$table_name}
        WHERE post_type IN ( {$ddp_pts} )
        AND post_type NOT IN ('nav_menu_item')
        AND post_status IN ( {$post_stati} )
        GROUP BY post_title
        HAVING COUNT(*)>1
        ) AS t2
        ON t1.post_title = t2.post_title
        AND post_status IN ( {$post_stati} )
        ) AS derived_table
        WHERE ID != save_this_post_id"
$table_name assigned unsafely at line 371:
 $table_name = $wpdb->prefix . 'posts'
$minmax assigned unsafely at line 393:
 $minmax = 'MIN(id)'
$ddp_pts assigned unsafely at line 383:
 $ddp_pts = rtrim( $ddp_pts, ',' )
$ddp_pts assigned unsafely at line 381:
 $ddp_pts = ''
$ddp_pts assigned unsafely at line 379:
 $ddp_pts = '"' . implode( '","', $ddp_pts_arr ) . '"'
$post_stati assigned unsafely at line 384:
 $post_stati = '"publish"'
$resultslimit assigned unsafely at line 372:
 $resultslimit = $options['ddp_resultslimit']
$options['ddp_resultslimit'] used without escaping.
$order assigned unsafely at line 390:
 $order = 'latest'
$order assigned unsafely at line 385:
 $order = $options['ddp_keep']
$ddp_pts_arr assigned unsafely at line 377:
 $ddp_pts_arr = $options['ddp_pts']
$options['ddp_keep'] assigned unsafely at line 389:
 $options['ddp_keep'] = 'latest'
$options['ddp_pts'] used without escaping.