Title: WP SQL issue
Last modified: August 20, 2016

---

# WP SQL issue

 *  Resolved [Simplii Web](https://wordpress.org/support/users/blackclover/)
 * (@blackclover)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/wp-sql-issue/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [Jacob Schwartz](https://wordpress.org/support/users/mightyturtle/)
 * (@mightyturtle)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/wp-sql-issue/#post-3450821)
 * Hi,
 * I appreciate your good intentions, but this is not an example of the security
   risk that you refer to. I want to be clear about this so that no one feels like
   they need to panic and deactivate the plugin.
 * For those who want to understand the technical reasoning for my answer:
    1. A security risk occurs where a parameter is inserted directly into the SQL without
       using placeholders. The SQL shown here does not use any parameters; it simply
       takes the top result from a list.
    2. The most recent version of WP raises a warning in this situation because the
       prepare function expects me to be using placeholders. It was not an issue in
       previous versions of WP. In the next release of my plugin, this will be fixed
       (I’ll simply execute the SQL directly rather than preparing). However, this is
       not a security risk and the warning only shows up when an admin has PHP warnings
       turned on, and even then only when viewing a preview via the settings page.
       There is no impact to end users.
 * Sorry if this seems a little long-winded, and once again I do appreciate your
   good intentions, but I need to be clear on this.
 * Thanks,
 * Jacob
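
The distinction drawn in the reply above, shown as an added example that is not part of the original thread and is not the plugin's code: a static query run directly, a request value concatenated into SQL (the actual injection risk), and the same query bound through `$wpdb->prepare()` placeholders. It assumes a loaded WordPress environment where the global `$wpdb` exists; the function names and queries are constructed for illustration.

```php
<?php
// Added example. Assumes WordPress is loaded so the global $wpdb is available.
// All function names and queries below are hypothetical, not taken from the plugin.

// Case 1: static SQL with no external input ("top result from a list").
// There is nothing to inject and nothing to bind, so it is executed directly
// rather than being passed through prepare(), which expects placeholders.
function example_latest_post_id() {
    global $wpdb;
    return (int) $wpdb->get_var(
        "SELECT ID FROM {$wpdb->posts}
         WHERE post_status = 'publish'
         ORDER BY post_date DESC
         LIMIT 1"
    );
}

// Case 2 (unsafe): a caller-supplied value concatenated into the SQL string.
// The value becomes part of the statement text, so its content can change
// the meaning of the query. This is the pattern that needs fixing.
function example_post_ids_by_author_unsafe( $author ) {
    global $wpdb;
    return $wpdb->get_col(
        "SELECT ID FROM {$wpdb->posts} WHERE post_author = " . $author
    );
}

// Case 3 (safe): the same query with placeholders. prepare() casts the %d
// argument to an integer and quotes/escapes the %s argument before the
// statement is sent to the database.
function example_post_ids_by_author( $author, $status = 'publish' ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts}
         WHERE post_author = %d AND post_status = %s",
        $author,
        $status
    );
    return $wpdb->get_col( $sql );
}
```

When reviewing plugin code, the check is whether any variable reaches the SQL string outside a `prepare()` placeholder; table-name properties such as `$wpdb->posts` are set by WordPress itself and are not request input.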
