wordpress soft reject

Hello friends, I would be glad to get some help in understanding of this rejection reason :

Please make sure you properly prepare your data for $wpdb.

Please also read

What exactly I am supposed to do?

thanks in advance

as per link in your theme you used any direct mysql_query ? if yes then use wordpress method

For sql query $wpdb

thanks for your reply , but i don’t have no mysql_query in my theme and no function related to sql .

or maybe i should tell that to the reviewer ?

its showing that you need escape data before update or insert to database

may be its used in your theme options or function you can share demo link with me

the old demo is deleted . but I discovered that option tree uses some sql queries :

$ot_maybe_cleanup_posts = count( $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'option-tree' LIMIT 2" ) ) > 1;

$wpdb->query( "DROP TABLE IF EXISTS $table_name" );

$attachmentid = $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE guid='$file'" );

but the problem is how prepare those queries for wpdb as he requested . ??

You can include option tree as a plugin , I did that in one of my themes .


$ot_maybe_cleanup_posts = count( $wpdb->get_results(esc_sql(“SELECT * FROM $wpdb->posts WHERE post_type = ‘option-tree’ LIMIT 2” ) ) > 1;

$wpdb->query( “DROP TABLE IF EXISTS $table_name”);

use like this

The reviewer literally means to use the prepare method of the $wpdb class: