Unescaped parameter $table used in $wpdb->get_results("SELECT * FROM $table LIMIT 1")
$table assigned unsafely at line 163:
 $table = $wpdb->prefix . 'dpd_terminals'
$results assigned unsafely at line 164:
 $results = $wpdb->get_results("SELECT * FROM $table LIMIT 1", ARRAY_A)

Unescaped parameter $table used in $wpdb->get_results("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '{$table}' AND column_name = 'status'")
$table assigned unsafely at line 232:
 $table = $wpdb->prefix . 'dpd_terminals'
$row assigned unsafely at line 233:
 $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '{$table}' AND column_name = 'status'" )

Unescaped parameter $table used in $wpdb->query("ALTER TABLE {$table} ADD status INT NULL DEFAULT 1")
$table assigned unsafely at line 232:
 $table = $wpdb->prefix . 'dpd_terminals'
$row assigned unsafely at line 233:
 $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '{$table}' AND column_name = 'status'" )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name used in $wpdb->query($wpdb->prepare( "DELETE FROM `$table_name` WHERE option_id = %d ", $option_id ))
$table_name assigned unsafely at line 1550:
 $table_name = $wpdb->prefix . 'options'
$option_id assigned unsafely at line 1547:
 $option_id = filter_var( sanitize_text_field( wp_unslash( $_POST['option_id'] ) ), FILTER_SANITIZE_NUMBER_INT )
Note: sanitize_text_field() is not a safe escaping function.
$_POST['option_id'] used without escaping.