Word Balloon

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$table_name".

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$data".

Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 69:\n $sql = $wpdb->prepare( "SELECT * FROM $table_name WHERE id = %d", $id )\n$table_name assigned unsafely at line 53:\n $table_name = $wpdb->prefix . 'word_balloon'\n$name assigned unsafely at line 21:\n $name = sanitize_text_field( esc_textarea( $_POST['name'] ) )\nNote: sanitize_text_field() is not a safe escaping function.\n$text assigned unsafely at line 22:\n $text = sanitize_text_field( esc_textarea( $_POST['text'] ) )\n$url assigned unsafely at line 38:\n $url = $return_data['url']\n$_POST['name'] used without escaping.\n$_POST['text'] used without escaping.\n$return_data['url'] used without escaping.

Use placeholders and $wpdb->prepare(); found $sql

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$w_b_success".

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "usort_reorder".

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$sql".

Unescaped parameter $sql used in $wpdb->query($sql)\n$sql assigned unsafely at line 16:\n $sql = "DROP TABLE IF EXISTS $table_name"\n$table_name assigned unsafely at line 15:\n $table_name = $wpdb->prefix . 'word_balloon'

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$w_b_success".