Unescaped parameter $backup_table_name used in $wpdb->query("CREATE TABLE $backup_table_name LIKE $table_name")
$backup_table_name assigned unsafely at line 257:
 $backup_table_name = ( $backup ) ? $table_name . '_backup' : $table_name . '_temp'

Unescaped parameter $backup_table_name used in $wpdb->query("CREATE TEMPORARY TABLE $backup_table_name AS SELECT $fields_sql_with_sum FROM $table_name GROUP BY $group_by_sql")
$backup_table_name assigned unsafely at line 257:
 $backup_table_name = ( $backup ) ? $table_name . '_backup' : $table_name . '_temp'
$fields_sql_with_sum assigned unsafely at line 261:
 $fields_sql_with_sum = str_replace( 'cntaccess', 'SUM(cntaccess) as cntaccess', $fields_sql )
$group_by_sql assigned unsafely at line 262:
 $group_by_sql = implode( ', ', $group_by_fields )
$fields_sql assigned unsafely at line 260:
 $fields_sql = implode( ', ', $fields )
$group_by_fields used without escaping.
$fields used without escaping.

Unescaped parameter $backup_table_name used in $wpdb->query("DROP TABLE $backup_table_name")
$backup_table_name assigned unsafely at line 257:
 $backup_table_name = ( $backup ) ? $table_name . '_backup' : $table_name . '_temp'

Affected Plugins
Plugins that have instances of this rule violation

Unescaped parameter $backup_table_name used in $wpdb->query("INSERT INTO $backup_table_name SELECT * FROM $table_name")
$backup_table_name assigned unsafely at line 257:
 $backup_table_name = ( $backup ) ? $table_name . '_backup' : $table_name . '_temp'

Unescaped parameter $download_id used in $wpdb->get_results('SELECT * FROM ' . $wpdb->prefix . 'sdm_downloads WHERE post_id="' . $download_id . '" AND visitor_ip = "' . $ipaddress . '"')
$download_id used without escaping.