Unescaped parameter $catsql used in $wpdb->query($wpdb->prepare( $catsql, $id, $name, $color ))\n$catsql assigned unsafely at line 146:\n $catsql = 'INSERT INTO ' . my_calendar_categories_table() . ' SET category_id=%1$d, category_name=%2$s, category_color=%3$s ON DUPLICATE KEY UPDATE category_name=%2$s, category_color=%3$s;'
Unescaped parameter $daily_sessions_table_name used in $wpdb->get_results("SELECT * FROM {$daily_sessions_table_name} ORDER BY id DESC")\n$daily_sessions_table_name assigned unsafely at line 139:\n $daily_sessions_table_name = $wpdb->prefix . 'ifso_daily_sessions'\n$table assigned unsafely at line 138:\n $table = $wpdb->prefix . 'ifso_local_user'\n$data['record_id'] used without escaping.\n$sent_user_email assigned unsafely at line 120:\n $sent_user_email = (isset($_POST["user-email-box"]) && !empty($_POST["user-email-box"]) && $_POST["user-email-box"] != get_option('admin_email')) ? sanitize_email($_POST["user-email-box"]) : get_option('admin_email')\n$geo_queries_used assigned unsafely at line 111:\n $geo_queries_used = get_used_queries($geoData)\n$geo_int_monthly_queries assigned unsafely at line 110:\n $geo_int_monthly_queries = get_monthly_queries($geoData)\n$set_alert_values assigned unsafely at line 123:\n $set_alert_values = implode(' ',$set_alert_values_array)\n$_POST["user-email-box"] used without escaping.\n$geoData assigned unsafely at line 107:\n $geoData = GeolocationService\\GeolocationService::get_instance()->get_status($license)\n$set_alert_values_array assigned unsafely at line 121:\n $set_alert_values_array = (!empty($_POST['alert-checkbox-values'])) ? array_unique($_POST['alert-checkbox-values']) : []\n$license assigned unsafely at line 9:\n $license = get_option( 'edd_ifso_geo_license_key' )\n$_POST['alert-checkbox-values'] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $delete used in $wpdb->query($wpdb->prepare( $delete, $occur_id ))\n$delete assigned unsafely at line 2706:\n $delete = 'DELETE FROM `' . my_calendar_event_table() . '` WHERE occur_id = %d'
Unescaped parameter $event_query used in $wpdb->get_results($wpdb->prepare( $event_query, $begin_time, $end_time, $begin_time, $end_time ))\n$event_query assigned unsafely at line 94:\n $event_query = 'SELECT occur_id\r\n\t\t\t\t\tFROM ' . my_calendar_event_table() . '\r\n\t\t\t\t\tJOIN ' . my_calendar_table() . "\r\n\t\t\t\t\tON (event_id=occur_event_id)\r\n\t\t\t\t\tWHERE $select_location " . '\r\n\t\t\t\t\t( occur_begin BETWEEN cast( \\'%1$s\\' AS DATETIME ) AND cast( \\'%2$s\\' AS DATETIME )\r\n\t\t\t\t\tOR occur_end BETWEEN cast( \\'%3$s\\' AS DATETIME ) AND cast( \\'%4$s\\' AS DATETIME ) )'\n$select_location assigned unsafely at line 90:\n $select_location = ( $loc_id ) ? "event_location = '" . absint( $loc_id ) . "' AND" : ''\n$begin_time assigned unsafely at line 91:\n $begin_time = $begin . ' ' . $time\n$begin used without escaping.
Unescaped parameter $event_query2 used in $wpdb->get_results($wpdb->prepare( $event_query2, $begin_time, $end_time ))\n$event_query2 assigned unsafely at line 106:\n $event_query2 = 'SELECT occur_id\r\n\t\t\t\t\t\tFROM ' . my_calendar_event_table() . '\r\n\t\t\t\t\t\tJOIN ' . my_calendar_table() . "\r\n\t\t\t\t\t\tON (event_id=occur_event_id)\r\n\t\t\t\t\t\tWHERE $select_location " . '\r\n\t\t\t\t\t\t( cast( \\'%1$s\\' AS DATETIME ) BETWEEN occur_begin AND occur_end\r\n\t\t\t\t\t\tOR cast( \\'%2$s\\' AS DATETIME ) BETWEEN occur_begin AND occur_end )'\n$select_location assigned unsafely at line 90:\n $select_location = ( $loc_id ) ? "event_location = '" . absint( $loc_id ) . "' AND" : ''\n$begin_time assigned unsafely at line 91:\n $begin_time = $begin . ' ' . $time\n$begin used without escaping.