That's from rcp.php.
You escaping all input for insert/update queries, for missed it in few selects:
*) fetch_node_status: $_POST['node_id']
*) fetch_dciList: $_POST['node_id']
*) fetch_dci_value: $_POST['item_id'] and $_POST['node_id']
You escaping all input for insert/update queries, for missed it in few selects:
*) fetch_node_status: $_POST['node_id']
*) fetch_dciList: $_POST['node_id']
*) fetch_dci_value: $_POST['item_id'] and $_POST['node_id']