Unescaped parameter $col_name used in $wpdb->get_var($wpdb->prepare("SELECT 1 FROM {$this->table_name} WHERE {$col_name} = %s", $col_value))\n$col_name used without escaping.
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$this->table_name} WHERE {$column_name} = %d", $column_value))
Unescaped parameter $pquery used in $wpdb->get_var($pquery)\n$pquery assigned unsafely at line 293:\n $pquery = $wpdb->prepare($query, DB_NAME, $this->table_name)\n$query assigned unsafely at line 288:\n $query = "\r\n\t SELECT ROUND((DATA_LENGTH + INDEX_LENGTH) / 1024) AS table_size_kb\r\n FROM information_schema.TABLES \r\n WHERE table_schema = %s AND table_name = %s;\r\n\t "
Unescaped parameter $pquery used in $wpdb->get_results($pquery)\n$pquery assigned unsafely at line 79:\n $pquery = $wpdb->prepare($query, 'publish', pubjet_now_myql())\n$query assigned unsafely at line 76:\n $query .= ' AND `position`=%s'\n$position used without escaping.
Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 173:\n $query = "SELECT {$columns_safe_string} FROM {$this->table_name}"\n$columns_safe_string assigned unsafely at line 172:\n $columns_safe_string = implode(',', $column_names)\n$column_names used without escaping.