FBS Activity Tracker

Use of a direct database call is discouraged.

Unescaped parameter $prepared_sql used in $wpdb->get_results($prepared_sql)\n$prepared_sql assigned unsafely at line 239:\n $prepared_sql = $wpdb->prepare( $sql, $prepare_values )\n$sql assigned unsafely at line 227:\n $sql = "\r\n SELECT *\r\n FROM {$this->table_name}\r\n WHERE {$where_clause}\r\n ORDER BY timestamp DESC\r\n LIMIT %d OFFSET %d\r\n "\n$where_clause assigned unsafely at line 220:\n $where_clause = implode( ' AND ', $where_conditions )\n$where_conditions assigned unsafely at line 213:\n $where_conditions[] = '( user_name LIKE %s OR object_name LIKE %s OR details LIKE %s )'\n$like assigned unsafely at line 210:\n $like = '%' . $wpdb->esc_like( $raw_search ) . '%'

Unescaped parameter $where_clause used in $wpdb->get_var($this->wpdb->prepare(\r\n "SELECT COUNT(*) FROM {$this->table_name} WHERE {$where_clause}",\r\n $where_values\r\n ))\n$where_clause assigned unsafely at line 291:\n $where_clause = implode(' AND ', $where_conditions)\n$where_conditions assigned unsafely at line 285:\n $where_conditions[] = '(user_name LIKE %s OR object_name LIKE %s OR details LIKE %s)'\n$search_term assigned unsafely at line 284:\n $search_term = '%' . $this->wpdb->esc_like(sanitize_text_field($filters['search'])) . '%'\nNote: sanitize_text_field() is not a safe escaping function.\n$filters['search'] used without escaping.

Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at FROM {$table_name}\r\n

Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at FROM {$table_name}\r\n