AnCode — Estimated Delivery Date for WooCommerce

Use placeholders and $wpdb->prepare(); found $query

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$table".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

Unescaped parameter $table used in $wpdb->get_results($wpdb->prepare(\r\n "SELECT * FROM {$table} WHERE country_code=%s AND year=%d ORDER BY `date`",\r\n strtoupper( $country ),\r\n absint( $year )\r\n ))\n$table assigned unsafely at line 75:\n $table = self::table()

Use placeholders and $wpdb->prepare(); found interpolated variable {$table} at "SELECT * FROM {$table} WHERE country_code=%s AND year=%d ORDER BY `date`"

Use placeholders and $wpdb->prepare(); found interpolated variable {$table} at "SELECT `date` FROM {$table} WHERE country_code=%s AND year IN ($placeholders) AND is_considered=1"

Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "SELECT `date` FROM {$table} WHERE country_code=%s AND year IN ($placeholders) AND is_considered=1"

Unescaped parameter $query used in $wpdb->get_col($query)\n$query assigned unsafely at line 103:\n $query = $wpdb->prepare(\r\n "SELECT `date` FROM {$table} WHERE country_code=%s AND year IN ($placeholders) AND is_considered=1",\r\n array_merge( [ strtoupper( $country ) ], array_map( 'absint', $years ) )\r\n )\n$table assigned unsafely at line 98:\n $table = self::table()

Unescaped parameter $table used in $wpdb->get_var($wpdb->prepare(\r\n "SELECT id FROM {$table} WHERE country_code=%s AND year=%d AND date=%s",\r\n $country, $year, $date\r\n ))\n$table assigned unsafely at line 118:\n $table = self::table()

Use placeholders and $wpdb->prepare(); found interpolated variable {$table} at "SELECT id FROM {$table} WHERE country_code=%s AND year=%d AND date=%s"