• First of all let me say that this plugin looks awesome, especially considering its competitors, and the fact that it’s donationware, i.e. basically completely free!

    That being said, I’ve noticed that there’s quite a few queries that do not use prepared statements. While most of the values that are being injected directly could be considered safe, given that they stem from PHP internal functions or mathematical calculations (compare for example cerber_acl_fixer() with cerber_upgrade_db(), both inserting ip2long(), one using prepared statements, one using injection), there are also functions that accept arbitrary values and inject them directly into the query (like cerber_is_table() and cerber_check_table()), which should be a no-go, as it could easily turn into a problem too when utilized incorrectly.

    I’d consider it generally advised to use prepared statements for all queries, no exceptions, given that a simple mistake when changing the logic could open the way for unexpected values to slip in.

    Regards
    Timo
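To illustrate the two patterns contrasted above, here is an added example written for this thread, not code from the plugin: a hypothetical table-existence check in the concatenated form beside its `$wpdb->prepare()` form, plus an `ip2long()` insert bound with `%d`. It assumes the WordPress global `$wpdb` and the hypothetical table `{$wpdb->prefix}example_log`.

```php
<?php
// Added example, not the plugin's code. Assumes the WordPress global $wpdb;
// all function and table names below are hypothetical.

// Concatenated form: the caller's value becomes part of the SQL text, so the
// query's structure depends on whatever string is passed in.
function example_is_table_unsafe( $table ) {
    global $wpdb;
    return (bool) $wpdb->get_var( "SHOW TABLES LIKE '" . $table . "'" );
}

// Prepared form: the value is bound as a string literal by %s, and esc_like()
// stops "%" and "_" in the name from acting as LIKE wildcards.
function example_is_table( $table ) {
    global $wpdb;
    $sql = $wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $table ) );
    return (bool) $wpdb->get_var( $sql );
}

// Numbers from ip2long() are bound with %d in the same way, so the query is
// safe regardless of where the value originally came from. ip2long() returns
// false for a malformed address, which must be handled before binding.
function example_log_ip( $ip ) {
    global $wpdb;
    $long = ip2long( $ip );
    if ( false === $long ) {
        return false; // not a valid IPv4 address, nothing written
    }
    $table = $wpdb->prefix . 'example_log'; // fixed identifier, not user input
    return $wpdb->query(
        $wpdb->prepare( "INSERT INTO {$table} (ip_long) VALUES (%d)", $long )
    );
}
```

Table and column names are identifiers, not values, so they cannot be bound with `%s`; keep them fixed in code (as above) or, on WordPress 6.2 and later, bind them with the `%i` identifier placeholder.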

  • The topic ‘Suggestion: Unify prepared statement usage’ is closed to new replies.