Unescaped parameter $backup_table_name used in $wpdb->get_var("SHOW TABLES LIKE '$backup_table_name'")\n$backup_table_name assigned unsafely at line 454:\n $backup_table_name = ( $daily ) ? $wpdb->prefix . 'bsearch_daily_backup' : $wpdb->prefix . 'bsearch_backup'
Unescaped parameter $backup_table_name used in $wpdb->query("CREATE TABLE $backup_table_name LIKE $table_name")\n$backup_table_name assigned unsafely at line 328:\n $backup_table_name = $backup ? $table_name . '_backup' : $table_name . '_temp'
Unescaped parameter $backup_table_name used in $wpdb->query("CREATE TEMPORARY TABLE $backup_table_name AS SELECT $fields_sql_with_sum FROM $table_name GROUP BY $group_by_sql")\n$backup_table_name assigned unsafely at line 328:\n $backup_table_name = $backup ? $table_name . '_backup' : $table_name . '_temp'\n$fields_sql_with_sum assigned unsafely at line 332:\n $fields_sql_with_sum = str_replace( 'cntaccess', 'SUM(cntaccess) as cntaccess', $fields_sql )\n$group_by_sql assigned unsafely at line 333:\n $group_by_sql = implode( ', ', $group_by_fields )\n$fields_sql assigned unsafely at line 331:\n $fields_sql = implode( ', ', $fields )\n$group_by_fields used without escaping.\n$fields used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $backup_table_name used in $wpdb->query("DROP TABLE $backup_table_name")\n$backup_table_name assigned unsafely at line 328:\n $backup_table_name = $backup ? $table_name . '_backup' : $table_name . '_temp'
Unescaped parameter $backup_table_name used in $wpdb->query("INSERT INTO $backup_table_name SELECT * FROM $table_name")\n$backup_table_name assigned unsafely at line 328:\n $backup_table_name = $backup ? $table_name . '_backup' : $table_name . '_temp'