Flag unprepared SQL

[nickdaugherty]

Catch unprepared SQL - can do pattern matching for common SQL queries (SELECT, INSERT, DELETE, UPDATE) and find any matching strings that include variables that haven't been run through $wpdb->prepare().