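Unescaped parameter $catsql used in $wpdb->query($wpdb->prepare( $catsql, $id, $name, $color ))
$catsql assigned unsafely at line 146:
 $catsql = 'INSERT INTO ' . my_calendar_categories_table() . ' SET category_id=%1$d, category_name=%2$s, category_color=%3$s ON DUPLICATE KEY UPDATE category_name=%2$s, category_color=%3$s;'
Triage note: the three values are bound through $wpdb->prepare(); the only concatenated part is the return value of my_calendar_categories_table(), so the finding depends on whether that helper can return anything other than a fixed table name. Separately, %2$s and %3$s are numbered string placeholders with no surrounding quotes, and WordPress documents that prepare() does not add quotes to numbered placeholders, so confirm how these two values are quoted in the final statement.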
Unescaped parameter $delete used in $wpdb->query($wpdb->prepare( $delete, $occur_id ))
$delete assigned unsafely at line 2706:
 $delete = 'DELETE FROM `' . my_calendar_event_table() . '` WHERE occur_id = %d'
Unescaped parameter $event_query used in $wpdb->get_results($wpdb->prepare( $event_query, $begin_time, $end_time, $begin_time, $end_time ))
$event_query assigned unsafely at line 94:
 $event_query = 'SELECT occur_id
					FROM ' . my_calendar_event_table() . '
					JOIN ' . my_calendar_table() . "
					ON (event_id=occur_event_id)
					WHERE $select_location " . '
					( occur_begin BETWEEN cast( \'%1$s\' AS DATETIME ) AND cast( \'%2$s\' AS DATETIME )
					OR occur_end BETWEEN cast( \'%3$s\' AS DATETIME ) AND cast( \'%4$s\' AS DATETIME ) )'
$select_location assigned unsafely at line 90:
 $select_location = ( $loc_id ) ? "event_location = '" . absint( $loc_id ) . "' AND" : ''
$begin_time assigned unsafely at line 91:
 $begin_time = $begin . ' ' . $time
$begin used without escaping.
Triage note: $select_location is built from absint( $loc_id ), and $begin_time reaches the statement only as a prepare() argument bound to a quoted placeholder, not by concatenation into the SQL text. What remains to confirm is that my_calendar_event_table() and my_calendar_table() return fixed table names.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $event_query2 used in $wpdb->get_results($wpdb->prepare( $event_query2, $begin_time, $end_time ))
$event_query2 assigned unsafely at line 106:
 $event_query2 = 'SELECT occur_id
						FROM ' . my_calendar_event_table() . '
						JOIN ' . my_calendar_table() . "
						ON (event_id=occur_event_id)
						WHERE $select_location " . '
						( cast( \'%1$s\' AS DATETIME ) BETWEEN occur_begin AND occur_end
						OR cast( \'%2$s\' AS DATETIME ) BETWEEN occur_begin AND occur_end )'
$select_location assigned unsafely at line 90:
 $select_location = ( $loc_id ) ? "event_location = '" . absint( $loc_id ) . "' AND" : ''
$begin_time assigned unsafely at line 91:
 $begin_time = $begin . ' ' . $time
$begin used without escaping.
Unescaped parameter $occurrences used in $wpdb->query($wpdb->prepare( $occurrences, $value ))
$occurrences assigned unsafely at line 39:
 $occurrences = 'DELETE FROM ' . my_calendar_event_table() . ' WHERE occur_event_id = %d'