Thanks for this plugin, it's very useful.
I would like to point out that sometimes I get false positives. It would be great if I could exclude such from the results so that if I check my plugin again I don't see those again.
One such false positive is
$wpdb->get_results(
$wpdb->prepare($query, ...$args)
);
Passing the query to the prepare function leads to the following result:
ERROR | WordPress.DB.PreparedSQL.NotPrepared Use placeholders and $wpdb->prepare(); found $query
The helper function executes a passed-in query variable, which must be prepared by the caller.
Another one is this: echo $dom->saveHtml(); This does not need escaping as the HTML is already safe.