UnescapedDBParameter

Unescaped parameter $AND_NOT_IN used in $wpdb->get_col("SELECT aid FROM $wpdb->democracy_a WHERE qid = $poll_id $AND_NOT_IN")\n$AND_NOT_IN assigned unsafely at line 450:\n $AND_NOT_IN = $ids ? sprintf( "AND aid NOT IN (" . implode( ',', $ids ) . ")" ) : ''\n$ids assigned unsafely at line 444:\n $ids[] = $aid\n$aid assigned unsafely at line 422:\n $aid => \n$answ_row assigned unsafely at line 423:\n $answ_row = $wpdb->get_row( "SELECT * FROM $wpdb->democracy_a WHERE aid = " . (int) $aid )

Unescaped parameter $AND_clause used in $wpdb->query($wpdb->prepare(\n\t\t\t"UPDATE $wpdb->democracy_a SET votes = (votes+1) WHERE qid = %d $AND_clause", $poll->id\n\t\t))\n$AND_clause assigned unsafely at line 116:\n $AND_clause = ' AND aid IN (' . $aids . ')'\n$aids assigned unsafely at line 115:\n $aids = implode( ',', $aids )\n$aids assigned unsafely at line 112:\n $aids = array_slice( $aids, 0, $poll->multiple )\n$aids assigned unsafely at line 104:\n $aids = reset( $aids )\n$aids assigned unsafely at line 96:\n $aids = array_filter( $aids )\n$aids assigned unsafely at line 91:\n $aids[] = $aid\n$poll->multiple used without escaping.\n$aid assigned unsafely at line 90:\n $aid = $this->insert_democratic_answer( $new_free_answer \n$new_free_answer assigned unsafely at line 78:\n $new_free_answer = $id\n$aids[] used without escaping.\n$id used without escaping.