seedprod/gist:5b366557c651f1d408457c819c2f5930

## gistfile1.txt
## Unsafe SQL calls

When making database calls, it's highly important to protect your code from SQL injection vulnerabilities. You need to update your code to use prepare() with your queries to protect them.

Please review the following:

* http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
* http://codex.wordpress.org/Data_Validation#Database
* http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/
* http://ottopress.com/2013/better-know-a-vulnerability-sql-injection/

Some examples from your plugin:

// Update name
$wpdb->update(
$tablename,
array(
'name' => "New Giveaway (ID #$id)",
),
array( 'id' => $id ),
array(
'%s',
),
array( '%d' )
);
	## Unsafe SQL calls

	When making database calls, it's highly important to protect your code from SQL injection vulnerabilities. You need to update your code to use prepare() with your queries to protect them.

	Please review the following:

	* http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
	* http://codex.wordpress.org/Data_Validation#Database
	* http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/
	* http://ottopress.com/2013/better-know-a-vulnerability-sql-injection/

	Some examples from your plugin:

	// Update name
	$wpdb->update(
	$tablename,
	array(
	'name' => "New Giveaway (ID #$id)",
	),
	array( 'id' => $id ),
	array(
	'%s',
	),
	array( '%d' )
	);