Unescaped parameter $aids used in $wpdb->get_results("SELECT id, choice FROM ".CHAINED_CHOICES." WHERE id IN (" . implode(',', $aids) . ")")
$aids assigned unsafely at line 141:
    $aids = chained_int_array($aids)
$aids assigned unsafely at line 137:
    $aids[] = $id
$id used without escaping.
Unescaped parameter $answer_ids used in $wpdb->get_results($wpdb->prepare("SELECT * FROM ".CHAINED_CHOICES."
            WHERE question_id=%d AND id IN (".implode(",", $answer_ids).") ", $question->id))
$answer_ids assigned unsafely at line 198:
    $answer_ids = chained_int_array($answer_ids)
$answer_ids assigned unsafely at line 195:
    $answer_ids[] = $answer
$answer assigned unsafely at line 191:
    $answer = $wpdb->get_var($wpdb->prepare("SELECT id FROM ".CHAINED_CHOICES."
            WHERE question_id=%d AND choice LIKE %s", $question->id, $answer))
$question->id used without escaping.
Unescaped parameter $answers_table used in $wpdb->get_results("SELECT answer FROM {$answers_table} WHERE correct=1 AND question_id={$id}")
$answers_table assigned unsafely at line 2763:
    $answers_table = $wpdb->prefix . "aysquiz_answers"
$id used without escaping.
$correct_answers assigned unsafely at line 2764:
    $correct_answers = $wpdb->get_results("SELECT answer FROM {$answers_table} WHERE correct=1 AND question_id={$id}")
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $answers_table used in $wpdb->get_results("SELECT image FROM {$answers_table} WHERE correct=1 AND question_id={$id}")
$answers_table assigned unsafely at line 2788:
    $answers_table = $wpdb->prefix . "aysquiz_answers"
$correct_answers assigned unsafely at line 2789:
    $correct_answers = $wpdb->get_results("SELECT image FROM {$answers_table} WHERE correct=1 AND question_id={$id}")
Unescaped parameter $answers_table used in $wpdb->get_row($wpdb->prepare("SELECT answer FROM {$answers_table} WHERE id=%d ;", $choice ))
$answers_table assigned unsafely at line 2804:
    $answers_table = $wpdb->prefix . "aysquiz_answers"
$choices assigned unsafely at line 2806:
    $choices = ''
$user_choice used without escaping.
$key used without escaping.