Unescaped parameter $additional used in $wpdb->get_results($wpdb->prepare(
        "SELECT entry_id
         FROM {$wpdb->prefix}quillforms_entry_meta
         WHERE meta_key = %s AND meta_value = %s $additional",
        array( $meta_key, maybe_serialize( $meta_value ) )
    ))
$additional assigned unsafely at line 602:
    $additional .= ' LIMIT 1'
$additional assigned unsafely at line 597:
    $additional = ''
$results assigned unsafely at line 605:
    $results = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT entry_id
             FROM {$wpdb->prefix}quillforms_entry_meta
             WHERE meta_key = %s AND meta_value = %s $additional", // phpcs:ignore
            array( $meta_key, maybe_serialize( $meta_value ) )
        ),
        ARRAY_A
    )
$meta_key used without escaping.
$meta_value used without escaping.
$form_id used without escaping.

Unescaped parameter $additional used in $wpdb->get_results($wpdb->prepare(
        "SELECT entry_id
         FROM {$wpdb->prefix}quillforms_entry_records
         WHERE record_id = %s AND record_value = %s $additional",
        array( $record_id, maybe_serialize( $record_value ) )
    ))
$additional assigned unsafely at line 646:
    $additional .= ' LIMIT 1'
$additional assigned unsafely at line 641:
    $additional = ''
$results assigned unsafely at line 649:
    $results = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT entry_id
             FROM {$wpdb->prefix}quillforms_entry_records
             WHERE record_id = %s AND record_value = %s $additional", // phpcs:ignore
            array( $record_id, maybe_serialize( $record_value ) )
        ),
        ARRAY_A
    )
$record_id used without escaping.
$record_value used without escaping.
$form_id used without escaping.

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare(
        "SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s",
        $action_id,
        self::POST_TYPE
    ))

Unescaped parameter $entries_table used in $wpdb->get_var("SHOW TABLES LIKE '$entries_table'")
$entries_table assigned unsafely at line 234:
    $entries_table = $wpdb->prefix . 'quillforms_entries'

Unescaped parameter $insert_sql used in $wpdb->query($insert_sql)
$insert_sql assigned unsafely at line 98:
    $insert_sql = $this->build_insert_sql( $data, $unique )
$data assigned unsafely at line 81:
    $data = array(
        'hook' => $action->get_hook(),
        'status' => ( $action->is_finished() ? self::STATUS_COMPLETE : self::STATUS_PENDING ),
        'scheduled_date_gmt' => $this->get_scheduled_date_string( $action, $date ),
        'scheduled_date_local' => $this->get_scheduled_date_string_local( $action, $date ),
        'schedule' => serialize( $action->get_schedule() ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize
        'group_id' => $this->get_group_id( $action->get_group() ),
    )
$unique used without escaping.
$action used without escaping.
$date used without escaping.