Church Admin

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$delete'.

Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 587:\n $sql='SELECT DISTINCT a.household_id,a.*,a.show_me,b.attachment_id AS household_image FROM '.$wpdb->prefix.'church_admin_people a LEFT JOIN '.$wpdb->prefix.'church_admin_household b on a.household_id=b.household_id WHERE a.show_me=1 AND a.head_of_household=1 '.$memb_sql.' ORDER BY a.last_name,a.first_name,a.middle_name ASC'\n$memb_sql assigned unsafely at line 585:\n $memb_sql=' AND ('.implode(' || ',$membsql).')'\n$membsql assigned unsafely at line 584:\n $membsql[]='a.member_type_id='.$value\n$value used without escaping.

Use placeholders and $wpdb->prepare(); found $sql

Use placeholders and $wpdb->prepare(); found $private

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_nonce_url'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_nonce_url'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$adult'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$kids'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'strip_tags'.

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.