Unsafe SQL calls

WordPress Plugin Or theme Review issue : Unsafe SQL calls When making database calls, it's highly important to protect your code from SQL injection vulnerabilities. You need to update your code to use wpdb calls and prepare() with your queries to protect them. Please review the following: https://developer.wordpress.org/reference/classes/wpdb/#protect-queries-against-sql-injection-attacks http://codex.wordpress.org/Data_Validation#Database http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/ http://ottopress.com/2013/better-know-a-vulnerability-sql-injection/ Wrong Code : $sql="SELECT * FROM $wpdb->posts WHERE post_type='post' and post_status='published'"; Right Code : <?php $post_type='post'; $post_status='published'; $sql=$wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_type=%s and post_status=%s", $post_type, $post_status ); ?> %d (integer) %f (float) %s (string) %i (identifier, e.g. table/field names)

Recent Posts

Unsafe SQL calls

Recent Posts

Unsafe SQL calls