Unescaped parameter $answer_id used in $wpdb->get_results($answer_id)
$answer_id assigned unsafely at line 1178:
 $answer_id = "SELECT a.id, a.answer, COUNT(s_q.answer_id) AS answer_count
 FROM {$answer_table} AS a
 LEFT JOIN {$submitions_questiions_table} AS s_q
 ON a.id = s_q.answer_id
 WHERE s_q.survey_id=".absint( $survey_id ) ."
 GROUP BY a.id"
$answer_table assigned unsafely at line 1151:
 $answer_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "answers"
$submitions_questiions_table assigned unsafely at line 1150:
 $submitions_questiions_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "submissions_questions"
$survey_id used without escaping.
$question_table assigned unsafely at line 1152:
 $question_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "questions"
$submitions_table assigned unsafely at line 1153:
 $submitions_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "submissions"
$survey_section_table assigned unsafely at line 1154:
 $survey_section_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "sections"
Unescaped parameter $answer_id used in $wpdb->get_results($answer_id)
$answer_id assigned unsafely at line 1574:
 $answer_id = "SELECT a.id, a.answer, COUNT(s_q.answer_id) AS answer_count
 FROM {$answer_table} AS a
 LEFT JOIN {$submitions_questiions_table} AS s_q
 ON a.id = s_q.answer_id
 WHERE s_q.survey_id=". absint( $survey_id ) ."
 GROUP BY a.id"
$answer_table assigned unsafely at line 1555:
 $answer_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "answers"
$submitions_questiions_table assigned unsafely at line 1560:
 $submitions_questiions_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "submissions_questions"
$survey_id used without escaping.
$question_table assigned unsafely at line 1556:
 $question_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "questions"
$question_ids assigned unsafely at line 1562:
 $question_ids = "SELECT question_ids FROM {$surveys_table} WHERE id =". absint( $survey_id )
$surveys_table assigned unsafely at line 1559:
 $surveys_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "surveys"
$submitions_table assigned unsafely at line 1557:
 $submitions_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "submissions"
$survey_section_table assigned unsafely at line 1558:
 $survey_section_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "sections"
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $answers_table used in $wpdb->query("DELETE FROM {$answers_table} WHERE question_id IN (" . implode( ',', $question_ids ) . ")")
$answers_table assigned unsafely at line 2381:
 $answers_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "answers"
$surveys_table assigned unsafely at line 2382:
 $surveys_table = $wpdb->prefix . SURVEY_MAKER_DB_PREFIX . "surveys"
$survey_row assigned unsafely at line 2385:
 $survey_row = self::get_item_by_id( $id )
$id used without escaping.
Unescaped parameter $answers_table used in $wpdb->query("DROP TABLE IF EXISTS `".$answers_table."`")
$answers_table assigned unsafely at line 41:
 $answers_table = $wpdb->prefix . 'ayssurvey_answers'
$submissions_table assigned unsafely at line 42:
 $submissions_table = $wpdb->prefix . 'ayssurvey_submissions'
$submissions_questions_table assigned unsafely at line 43:
 $submissions_questions_table = $wpdb->prefix . 'ayssurvey_submissions_questions'
$settings_table assigned unsafely at line 44:
 $settings_table = $wpdb->prefix . 'ayssurvey_settings'
$popup_surveys_table assigned unsafely at line 45:
 $popup_surveys_table = $wpdb->prefix . 'ayssurvey_popup_surveys'
Unescaped parameter $check used in $wpdb->query($check)
$check assigned unsafely at line 54:
 $check = "SELECT id FROM $table_name WHERE post_id = '$post_id' AND slider_id = '$slider_id';"
$table_name assigned unsafely at line 53:
 $table_name = $table_prefix.TESTIMONIAL_SLIDER_TABLE
$post_id used without escaping.
$slider_id used without escaping.