WPS Visitor Counter Plugin

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Unescaped parameter $sql used in $wpdb->query($sql)\n$sql assigned unsafely at line 176:\n $sql .= ") ENGINE=MyISAM DEFAULT CHARSET=latin1;"\n$sql assigned unsafely at line 175:\n $sql .= "PRIMARY KEY (`ip`,`date`)"\n$sql assigned unsafely at line 174:\n $sql .= "`online` varchar(255) NOT NULL,"\n$sql assigned unsafely at line 173:\n $sql .= "`views` int(10) NOT NULL default '1',"\n$sql assigned unsafely at line 172:\n $sql .= "`date` date NOT NULL,"\n$sql assigned unsafely at line 171:\n $sql .= "`ip` varchar(20) NOT NULL default '',"\n$sql assigned unsafely at line 170:\n $sql = "CREATE TABLE IF NOT EXISTS `". WPS_VC_TABLE_NAME . "` ("\n$sql assigned unsafely at line 169:\n $sql = ""

Use placeholders and $wpdb->prepare(); found $sql

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Use placeholders and $wpdb->prepare(); found WPS_VC_OPTIONS_TABLE_NAME

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Unescaped parameter $sql used in $wpdb->query($sql)\n$sql assigned unsafely at line 192:\n $sql .= ") ENGINE=MyISAM DEFAULT CHARSET=latin1;"\n$sql assigned unsafely at line 191:\n $sql .= "PRIMARY KEY (`id`)"\n$sql assigned unsafely at line 190:\n $sql .= "`visitor_wpsvc_align` VARCHAR(25) NOT NULL DEFAULT 'wps_visitor_wpsvc_align',"\n$sql assigned unsafely at line 189:\n $sql .= "`views_start` INT(255) NOT NULL DEFAULT '1',"\n$sql assigned unsafely at line 188:\n $sql .= "`user_start` INT(255) NOT NULL DEFAULT '1',"\n$sql assigned unsafely at line 187:\n $sql .= "`visitor_title` VARCHAR(255) NOT NULL default 'Our Visitor',"\n$sql assigned unsafely at line 186:\n $sql .= "`style` VARCHAR(25) NOT NULL DEFAULT 'text/effect-white',"\n$sql assigned unsafely at line 185:\n $sql .= "`font_color` VARCHAR(25) NOT NULL DEFAULT '#000000',"\n$sql assigned unsafely at line 184:\n $sql .= "`show_powered_by` INT(1) NOT NULL DEFAULT '1',"\n$sql assigned unsafely at line 183:\n $sql .= "`display_field` VARCHAR(600) NOT NULL default ',today_user,yesterday_user,last7_day_user,last30_day_user,month_user,year_user,total_user,today_view,yesterday_view,last7_day_view,last30_day_view,month_view,year_view,total_view,online_view,ip_display,server_time',"\n$sql assigned unsafely at line 182:\n $sql .= "`id` INT(10) NOT NULL AUTO_INCREMENT,"\n$sql assigned unsafely at line 181:\n $sql = "CREATE TABLE IF NOT EXISTS `". WPS_VC_OPTIONS_TABLE_NAME . "` ("\n$sql assigned unsafely at line 180:\n $sql = ""\n$sql assigned unsafely at line 176:\n $sql .= ") ENGINE=MyISAM DEFAULT CHARSET=latin1;"\n$sql assigned unsafely at line 175:\n $sql .= "PRIMARY KEY (`ip`,`date`)"\n$sql assigned unsafely at line 174:\n $sql .= "`online` varchar(255) NOT NULL,"\n$sql assigned unsafely at line 173:\n $sql .= "`views` int(10) NOT NULL default '1',"\n$sql assigned unsafely at line 172:\n $sql .= "`date` date NOT NULL,"\n$sql assigned unsafely at line 171:\n $sql .= "`ip` varchar(20) NOT NULL default '',"\n$sql assigned unsafely at line 170:\n $sql = "CREATE TABLE IF NOT EXISTS `". WPS_VC_TABLE_NAME . "` ("\n$sql assigned unsafely at line 169:\n $sql = ""

Use placeholders and $wpdb->prepare(); found $sql