Unescaped parameter $SQL used in $wpdb->get_var($SQL)
$SQL assigned unsafely at line 252:
    $SQL .= " FROM `" . DB::table('useronline') . "` as useronline JOIN `" . DB::table('visitor') . "` as visitor ON `useronline`.`visitor_id` = `visitor`.`ID`"

Unescaped parameter $args['sql'] used in $wpdb->get_results($args['sql'])
$args['sql'] assigned unsafely at line 308:
    $args['sql'] = $args['sql'] . $wpdb->prepare(" LIMIT %d, %d", $limit, $args['per_page'])
$args['sql'] assigned unsafely at line 305:
    $args['sql'] = "SELECT * FROM `" . DB::table('visitor') . "` ORDER BY ID DESC"
$limit assigned unsafely at line 301:
    $limit = (($args['paged'] - 1) * $args['per_page'])
$args['per_page'] used without escaping.
$args['paged'] used without escaping.

Unescaped parameter $arrSQL['insert'] used in $wpdb->query($arrSQL['insert'])
$arrSQL['insert'] used without escaping.

Unescaped parameter $checkSQL used in $wpdb->get_var($checkSQL)
$checkSQL assigned unsafely at line 1970:
    $checkSQL = "show tables like '" . self::$tablePrefix . "{$tableName}'"
$tablePrefix used without escaping.

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $columns used in $wpdb->get_row($wpdb->prepare("SELECT {$columns} FROM `" . DB::table('visitor') . "` WHERE `last_counter` = %s AND `ip` = %s", $last_counter, $ip))
$columns assigned unsafely at line 91:
    $columns = str_replace("'", '', $columns)
$columns assigned unsafely at line 90:
    $columns = (empty($fields) ? '*' : Helper::prepareArrayToStringForQuery($fields))
$fields used without escaping.