Our FREE plugin makes your website’s search fast and more relevant. searchIQ helps you to manage content more effectively with real-time analytics.
| Type | Code | Message | Location | Category |
|---|---|---|---|---|
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($wpdb->prepare("{$query}", array( $table_name, $currentTime ) ))\n$query assigned unsafely at line 505:\n $query .= " ON DUPLICATE KEY UPDATE sync_time = '%5s' "\n$query assigned unsafely at line 503:\n $query =substr($query,0,-1)\n$query assigned unsafely at line 501:\n $query .=" (".$v.",'".$currentTime."'),"\n$table_name assigned unsafely at line 474:\n $table_name \t\t\t\t\t\t= $this->syncTableName()\n$v used without escaping. | 508:11 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_var($wpdb->prepare( "{$query}", array( $table_name, $post_table_name) ))\n$query assigned unsafely at line 568:\n $query = "$theQuery $limitVar"\n$theQuery assigned unsafely at line 564:\n $theQuery .=" OR(tbl.post_id is null ".$allowedFilter." $timelimitTbl)"\n$limitVar assigned unsafely at line 560:\n $limitVar = ($limit == 0) ? "" : "LIMIT 0, ".$limit\n$allowedFilter assigned unsafely at line 559:\n $allowedFilter \t\t\t\t= (!empty($postMimeTypes)) ? " AND ( (tbl1.post_status='publish' AND tbl1.post_type IN ($allowedPostTypes)) ".$postMimeTypes." )" : " AND tbl1.post_status='publish' AND tbl1.post_type IN ($allowedPostTypes) "\n$limit used without escaping.\n$allowedPostTypes assigned unsafely at line 529:\n $allowedPostTypes = "'".$allowedPostTypes."'"\n$allowedPostTypes assigned unsafely at line 527:\n $allowedPostTypes = implode("','", $this->postsToIndexAndSearch)\n$postMimeTypes assigned unsafely at line 558:\n $postMimeTypes \t\t\t\t= " OR (tbl1.post_type = 'attachment' AND tbl1.post_mime_type = 'application/pdf' AND tbl1.post_parent !='') "\n$postMimeTypes assigned unsafely at line 534:\n $postMimeTypes \t= " OR (tbl1.post_type = 'attachment' AND tbl1.post_mime_type = 'application/pdf' AND tbl1.post_parent ='') "\n$postMimeTypes_1 assigned unsafely at line 535:\n $postMimeTypes_1 \t= " OR (tbl.post_type = 'attachment' AND tbl.post_mime_type = 'application/pdf' AND tbl.post_parent ='') " | 574:22 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( "{$query}", array( $table_name, $post_table_name) ))\n$query assigned unsafely at line 568:\n $query = "$theQuery $limitVar"\n$theQuery assigned unsafely at line 564:\n $theQuery .=" OR(tbl.post_id is null ".$allowedFilter." $timelimitTbl)"\n$limitVar assigned unsafely at line 560:\n $limitVar = ($limit == 0) ? "" : "LIMIT 0, ".$limit\n$allowedFilter assigned unsafely at line 559:\n $allowedFilter \t\t\t\t= (!empty($postMimeTypes)) ? " AND ( (tbl1.post_status='publish' AND tbl1.post_type IN ($allowedPostTypes)) ".$postMimeTypes." )" : " AND tbl1.post_status='publish' AND tbl1.post_type IN ($allowedPostTypes) "\n$limit used without escaping.\n$allowedPostTypes assigned unsafely at line 529:\n $allowedPostTypes = "'".$allowedPostTypes."'"\n$allowedPostTypes assigned unsafely at line 527:\n $allowedPostTypes = implode("','", $this->postsToIndexAndSearch)\n$postMimeTypes assigned unsafely at line 558:\n $postMimeTypes \t\t\t\t= " OR (tbl1.post_type = 'attachment' AND tbl1.post_mime_type = 'application/pdf' AND tbl1.post_parent !='') "\n$postMimeTypes assigned unsafely at line 534:\n $postMimeTypes \t= " OR (tbl1.post_type = 'attachment' AND tbl1.post_mime_type = 'application/pdf' AND tbl1.post_parent ='') "\n$postMimeTypes_1 assigned unsafely at line 535:\n $postMimeTypes_1 \t= " OR (tbl.post_type = 'attachment' AND tbl.post_mime_type = 'application/pdf' AND tbl.post_parent ='') " | 580:24 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($wpdb->prepare( "{$query}", array( $table_name, $where ) ))\n$query assigned unsafely at line 610:\n $query = "DELETE FROM %5s WHERE `post_id` %5s;" | 613:23 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( "{$query}", array("{$wpdb->prefix}options") ))\n$query assigned unsafely at line 649:\n $query = "SELECT option_name, option_value from %5s WHERE option_name in ({$option_name_string})"\n$option_name_string assigned unsafely at line 648:\n $option_name_string = "'".implode("','", $this->pluginOptions)."'" | 651:21 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $metaFieldsNotToBeQueriedNPT used in $wpdb->get_col($wpdb->prepare("SELECT `meta_key` FROM `%5s` WHERE {$metaFieldsNotToBeQueriedNPT} GROUP BY meta_key ORDER BY meta_key;", $wpdb->postmeta))\n$metaFieldsNotToBeQueriedNPT assigned unsafely at line 3194:\n $metaFieldsNotToBeQueriedNPT .= " AND `meta_key` NOT LIKE '".$pattern."' "\n$metaFieldsNotToBeQueried assigned unsafely at line 3195:\n $metaFieldsNotToBeQueried .= " AND pm.meta_key NOT LIKE '".$pattern."' "\n$allFields assigned unsafely at line 3201:\n $allFields = $wpdb->get_col($wpdb->prepare("SELECT `meta_key` FROM `%5s` WHERE {$metaFieldsNotToBeQueriedNPT} GROUP BY meta_key ORDER BY meta_key;", $wpdb->postmeta) ) | 3201:24 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $queryAllMetaFields used in $wpdb->get_results($wpdb->prepare("{$queryAllMetaFields}", array($wpdb->postmeta, $wpdb->posts)))\n$queryAllMetaFields assigned unsafely at line 3250:\n $queryAllMetaFields = "select pp.meta_key, GROUP_CONCAT(pp.post_type SEPARATOR ',') as post_type from (select pm.meta_key as meta_key, po.post_type as post_type from `%5s` pm left join `%5s` po on pm.post_id = po.ID where ". $postTypeIncluded. " " . $postTypeExcluded . " " . $metaFieldsNotToBeQueried . " group by pm.meta_key, po.post_type) pp group by pp.meta_key order by pp.meta_key"\n$postTypeIncluded assigned unsafely at line 3248:\n $postTypeIncluded = is_array($postTypes) && count($postTypes) > 0 ? " po.post_type IN ('" . implode("','", $postTypes) . "') ": ""\n$postTypeExcluded assigned unsafely at line 3249:\n $postTypeExcluded = empty($postTypeIncluded) && is_array($this->postTypesFilter) && count($this->postTypesFilter) > 0 ? " po.post_type NOT IN ('".implode("','",$this->postTypesFilter)."') ": ''\n$metaFieldsNotToBeQueried used without escaping.\n$postTypes used without escaping. | 3252:27 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $tbl used in $wpdb->query("TRUNCATE $tbl;")\n$tbl assigned unsafely at line 3919:\n $tbl = siq_core::errorTableName() | 3921:10 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $allowedPostTypes used in $wpdb->get_col($wpdb->prepare("SELECT ID FROM `%5s` WHERE post_parent = %d $allowedPostTypes AND post_status = 'publish';", $wpdb->posts, $post_id))\n$allowedPostTypes assigned unsafely at line 4083:\n $allowedPostTypes = 'AND post_type IN("' . implode('","', $this->getPostTypesForIndexing()) . '")' | 4086:24 | Security |
| WARNING | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare("{$query}", array($wpdb->prefix . 'posts', $wpdb->prefix . 'postmeta')))\n$query assigned unsafely at line 4093:\n $query = "SELECT p.*, GROUP_CONCAT(pm.meta_key SEPARATOR '<>') as meta_key, GROUP_CONCAT(IFNULL(pm.meta_value,'') SEPARATOR '<>') as meta_value FROM ( SELECT * FROM `%5s` p WHERE p.ID IN(" . implode(',', $postIds) . ") ) p LEFT JOIN `%5s` pm ON p.ID = pm.post_id GROUP BY p.ID ORDER BY p.ID ASC, pm.meta_id ASC"\n$postIds used without escaping. | 4095:23 | Security |
| 15.11.2025, 02:24:55 | 43s | 94 | 0 | 18 |