Unescaped parameter $post_type used in $wpdb->get_var($wpdb->prepare( "SELECT P.ID FROM $wpdb->posts AS P LEFT JOIN $wpdb->postmeta AS PM ON PM.post_id = P.ID WHERE P.post_type = '$post_type' AND PM.meta_key='$meta_key' AND PM.meta_value=%s AND P.post_status != 'trash' LIMIT 1", $sku ))
$post_type used without escaping.
$meta_key assigned unsafely at line 826:
    $meta_key = '_sku'
$result_query assigned unsafely at line 827:
    $result_query = $wpdb->get_var( $wpdb->prepare( "SELECT P.ID FROM $wpdb->posts AS P LEFT JOIN $wpdb->postmeta AS PM ON PM.post_id = P.ID WHERE P.post_type = '$post_type' AND PM.meta_key='$meta_key' AND PM.meta_value=%s AND P.post_status != 'trash' LIMIT 1", $sku ) )
$sku used without escaping.

Unescaped parameter $query used in $wpdb->get_row($wpdb->prepare(
    $query, ...$query_params
))
$query assigned unsafely at line 396:
    $query .= ' AND tax_rate_state = %s'
$query_params[] used without escaping.

Unescaped parameter $sql used in $wpdb->get_col($sql)
$sql assigned unsafely at line 1025:
    $sql = "SELECT DISTINCT( {$table_prefix}postmeta.meta_key )
        FROM {$table_prefix}posts
        LEFT JOIN {$table_prefix}postmeta
            ON {$table_prefix}posts.ID = {$table_prefix}postmeta.post_id
            WHERE {$table_prefix}posts.post_type = 'product'"

Affected Plugins
Plugins that have instances of this rule violation