WP Pipes

The $text parameter must be a single text string literal. Found: $item['published'] == 0 ? 'selected' : ''

Use placeholders and $wpdb->prepare(); found $qry

Use placeholders and $wpdb->prepare(); found $qry

Unescaped parameter $ins_q used in $wpdb->query($ins_q)\n$ins_q assigned unsafely at line 981:\n $ins_q = "INSERT INTO `{$wpdb->prefix}wppipes_items` (`id`,`name`,`published`) "\r\n\t\t\t. "\\n VALUES ({$maxid}, '{$name}', 1)"\n$maxid assigned unsafely at line 977:\n $maxid = $max_cur + 1\n$name assigned unsafely at line 979:\n $name = 'Pipe#' . $maxid\n$max_cur assigned unsafely at line 976:\n $max_cur = $wpdb->get_var( $qry )

Use placeholders and $wpdb->prepare(); found $ins_q

Use placeholders and $wpdb->prepare(); found $sql

Unescaped parameter $qry used in $wpdb->query($qry)\n$qry assigned unsafely at line 994:\n $qry = "DELETE FROM `{$wpdb->prefix}wppipes_items` WHERE `id`= {$pipe->id}"\n$pipe->id used without escaping.

Use placeholders and $wpdb->prepare(); found $qry

Unescaped parameter $qry used in $wpdb->query($qry)\n$qry assigned unsafely at line 1000:\n $qry = "DELETE FROM `{$wpdb->prefix}wppipes_pipes` WHERE `item_id`= {$pipe->id}"\n$pipe->id used without escaping.

Use placeholders and $wpdb->prepare(); found $qry