Unescaped parameter $alter_table_name used in $wpdb->get_results("SELECT * FROM `{$alter_table_name}`")\n$alter_table_name assigned unsafely at line 1877:\n $alter_table_name = $this->get_alter_table_name()
Unescaped parameter $alter_table_name used in $wpdb->get_var("SHOW TABLES LIKE '$alter_table_name'")\n$alter_table_name assigned unsafely at line 1877:\n $alter_table_name = $this->get_alter_table_name()
Unescaped parameter $and used in $wpdb->get_results("SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status != 'auto-draft' $and")\n$and assigned unsafely at line 1892:\n $and = 'AND ID IN ( ' . implode( ', ', $post_ids ) . ')'
Unescaped parameter $childrenQuerystr used in $wpdb->get_results($childrenQuerystr)\n$childrenQuerystr assigned unsafely at line 85:\n $childrenQuerystr = $wpdb->prepare($childrenQuerystr, $categoryId)\n$childrenQuerystr assigned unsafely at line 84:\n $childrenQuerystr = "SELECT COUNT(*) as hasChildren FROM `{$tablePrefix}google_cats` WHERE `parent_id` = %d"\n$tablePrefix assigned unsafely at line 80:\n $tablePrefix = $this->getTablePrefix()
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $columns used in $wpdb->get_results("CREATE TABLE IF NOT EXISTS $test_table_new $columns")\n$columns assigned unsafely at line 38:\n $columns='(test_id int primary key)'\n$test_table assigned unsafely at line 39:\n $test_table = $wpdb->get_results("CREATE TABLE IF NOT EXISTS $test_table_new $columns",ARRAY_A)