Unescaped parameter $collate used in $wpdb->query("CREATE TABLE {$wpdb->prefix}babe_category_deactivate_schedule (\n id int NOT NULL AUTO_INCREMENT,\n category_id bigint(20) DEFAULT NULL,\n deactivate_date_from datetime DEFAULT NULL,\n deactivate_date_to datetime DEFAULT NULL,\n PRIMARY KEY (id),\n KEY category_id (category_id),\n KEY deactivate_date_from (deactivate_date_from),\n KEY deactivate_date_to (deactivate_date_to),\n KEY category_deactivate_date_from_to (category_id, deactivate_date_from, deactivate_date_to)\n) $collate;")\n$collate assigned unsafely at line 199:\n $collate = ''
Unescaped parameter $delete_prepared used in $wpdb->query($delete_prepared)\n$delete_prepared assigned unsafely at line 658:\n $delete_prepared = $wpdb->prepare(\n "DELETE FROM ".self::$table_av_cal."\n\t\t\t\t\t\t WHERE booking_obj_id=%d\n\t\t\t\t\t\t\tAND date_from IN (%s)",\n array( $post_id_to, implode("','", $removed_dates) )\n )\n$table_av_cal used without escaping.
Unescaped parameter $items_number used in $wpdb->query("UPDATE {$wpdb->prefix}babe_av_cal ac \n SET ac.av_guests = (". $item_max_guests*$items_number ." - ac.guests) WHERE ac.booking_obj_id = ". (int)$booking_obj_id .";")\n$items_number assigned unsafely at line 1533:\n $items_number = BABE_Post_types::get_post_items_number($booking_obj_id)\n$booking_obj_id used without escaping.