Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 508:
  $sql = "UPDATE $table_name SET `srs_visitors_count` = '0'"
$table_name assigned unsafely at line 500:
  $table_name = $wpdb->prefix.'srs_simple_hits_counter'
$_POST['srs-form-nonce'] used without escaping.
$_POST['unique_visitor_checkbox'] used without escaping.
$_POST['unique_visitor_reset_val'] used without escaping.

Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 519:
  $sql = "UPDATE $table_name SET `srs_views_count` = '0' "
$table_name assigned unsafely at line 500:
  $table_name = $wpdb->prefix.'srs_simple_hits_counter'
$_POST['srs-form-nonce'] used without escaping.
$_POST['unique_visitor_checkbox'] used without escaping.
$_POST['unique_visitor_reset_val'] used without escaping.

Unescaped parameter $table_name used in $wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE (srs_post_id = %d AND srs_date = %s )", $post_id, $date))
$table_name assigned unsafely at line 83:
  $table_name = $wpdb->prefix.'srs_simple_hits_counter'
$date assigned unsafely at line 84:
  $date = Date("Y-m-d")
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name used in $wpdb->get_results("SELECT * FROM $table_name WHERE srs_post_id = $post_id")
$table_name assigned unsafely at line 114:
  $table_name = $wpdb->prefix.'srs_simple_hits_counter'
$post_id used without escaping.
$date assigned unsafely at line 115:
  $date = Date("Y-m-d")

Unescaped parameter $table_name used in $wpdb->get_results("SELECT SUM(srs_views_count) as total FROM $table_name ")
$table_name assigned unsafely at line 148:
  $table_name = $wpdb->prefix . 'srs_simple_hits_counter'
$return used without escaping.