diff --git a/includes/deprecated.php b/includes/deprecated.php
index f70b9ac..0898690 100644
--- a/includes/deprecated.php
+++ b/includes/deprecated.php
@@ -121,8 +121,7 @@ function pmpromc_get_unsubscribe_audiences( $user_id ) {
 $user_level_ids_string = '0';
 //get levels in (admin_changed, inactive, changed) status with modified dates within the past few minutes
- $sqlQuery = $wpdb->prepare("SELECT DISTINCT(membership_id) FROM $wpdb->pmpro_memberships_users WHERE user_id = %d AND membership_id NOT IN(%s) AND status IN('admin_changed', 'admin_cancelled', 'cancelled', 'changed', 'expired', 'inactive') AND modified > NOW() - INTERVAL 15 MINUTE ", $user_id, $user_level_ids_string);
- $levels_unsubscribing_from = $wpdb->get_col($sqlQuery);
+ $levels_unsubscribing_from = $wpdb->get_col( $wpdb->prepare("SELECT DISTINCT(membership_id) FROM $wpdb->pmpro_memberships_users WHERE user_id = %d AND membership_id NOT IN(%s) AND status IN('admin_changed', 'admin_cancelled', 'cancelled', 'changed', 'expired', 'inactive') AND modified > NOW() - INTERVAL 15 MINUTE ", $user_id, $user_level_ids_string) );
 //figure out which lists to unsubscribe from
 $unsubscribe_lists = array();
diff --git a/includes/export-csv.php b/includes/export-csv.php
index 6fe19f9..032b5b6 100644
--- a/includes/export-csv.php
+++ b/includes/export-csv.php
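Review bot: In includes/deprecated.php the inlined query still binds the whole comma-separated level list to a single `%s` in `membership_id NOT IN(%s)`, so `$wpdb->prepare()` emits one quoted string (constructed sample: `NOT IN('1,2,3')`) instead of a list of IDs, and MySQL will typically compare membership_id against only the numeric prefix of that string. The same pattern is kept in the includes/functions.php hunk, where the argument is `implode(',', $user_level_ids)`. The binding is injection-safe, but levels after the first are probably not excluded, which can affect which audiences a member is unsubscribed from. Build one `%d` per ID instead, e.g. `$in = implode( ',', array_fill( 0, count( $ids ), '%d' ) );`, interpolate `$in` into `NOT IN($in)`, and pass `array_merge( array( $user_id ), $ids )` to prepare, keeping a `0` fallback when the list is empty. Apart from the `'0'` default, how `$user_level_ids_string` is built lies outside the hunk.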
@@ -103,28 +103,6 @@
 $csv_file_header .= "\n";
- //generate SQL for list of users to process
- $sqlQuery = "
- SELECT
- DISTINCT u.ID
- FROM $wpdb->users u ";
-
- $sqlQuery .= "LEFT JOIN {$wpdb->pmpro_memberships_users} mu ON u.ID = mu.user_id ";
- $sqlQuery .= "LEFT JOIN {$wpdb->pmpro_membership_levels} m ON mu.membership_id = m.id ";
-
- $sqlQuery .= "WHERE mu.membership_id > 0 ";
-
- $filter = " AND mu.status = 'active' AND mu.membership_id = " . esc_sql($l) . " ";
-
- //add the filter
- $sqlQuery .= $filter;
-
- //process based on limit value(s).
- $sqlQuery .= "ORDER BY u.ID ";
-
- if(!empty($limit))
- $sqlQuery .= "LIMIT {$start}, {$limit}";
-
 // Generate a temporary file to store the data in.
 $tmp_dir = sys_get_temp_dir();
 $filename = tempnam( $tmp_dir, 'pmpro_ml_');
@@ -136,7 +114,29 @@
 fprintf($csv_fh, '%s', $csv_file_header );
 //get users
- $theusers = $wpdb->get_col($sqlQuery);
+ $sqlQuery = "
+ SELECT DISTINCT u.ID,
+ FROM {$wpdb->users} u
+ LEFT JOIN {$wpdb->pmpro_memberships_users} mu ON u.ID = mu.user_id
+ LEFT JOIN {$wpdb->pmpro_membership_levels} m ON mu.membership_id = m.id
+ WHERE mu.membership_id > 0
+ AND mu.status = 'active'
+ AND mu.membership_id = %d
+ ORDER BY u.ID ";
+ $prepare_args = array($l);
+
+ if ( ! empty( $limit ) ) {
+ $sqlQuery .= "LIMIT %d, %d";
+ $prepare_args[] = $start;
+ $prepare_args[] = $limit;
+ }
+
+ $theusers = $wpdb->get_col(
+ $wpdb->prepare(
+ $sqlQuery, // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $prepare_args
+ )
+ );
 //if no records just transmit file with only CSV header as content
 if (empty($theusers)) {
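Review bot: The rebuilt export query in includes/export-csv.php (hunk at -136) has a stray comma in `SELECT DISTINCT u.ID,` directly before `FROM {$wpdb->users} u`, which is a SQL syntax error. The query would fail, `$wpdb->get_col()` would likely return an empty result, and every export would then take the header-only branch at `if (empty($theusers))`. Change the line to `SELECT DISTINCT u.ID`. Where `$l`, `$start` and `$limit` are assigned is outside the hunk, so their origin cannot be confirmed from here.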
@@ -215,27 +215,27 @@
 {
 $i_start += $max_users_per_loop;
 }
-
- $userSql = $wpdb->prepare("
- SELECT
- DISTINCT u.ID,
- u.user_email,
- mu.membership_id as membership_id,
- m.name as membership_name
- FROM {$wpdb->users} u
- LEFT JOIN {$wpdb->usermeta} um ON u.ID = um.user_id
- LEFT JOIN {$wpdb->pmpro_memberships_users} mu ON u.ID = mu.user_id
- LEFT JOIN {$wpdb->pmpro_membership_levels} m ON mu.membership_id = m.id
- WHERE u.ID BETWEEN %d AND %d AND mu.membership_id > 0 {$filter}
- GROUP BY u.ID
- ORDER BY u.ID",
- $first_uid,
- $last_uid
- );
-
- // TODO: Only return the latest record for the user(s) current (and prior) levels IDs?
- $usr_data = $wpdb->get_results($userSql);
+ $usr_data = $wpdb->get_results(
+ $wpdb->prepare("
+ SELECT
+ DISTINCT u.ID,
+ u.user_email,
+ mu.membership_id as membership_id,
+ m.name as membership_name
+ FROM {$wpdb->users} u
+ LEFT JOIN {$wpdb->usermeta} um ON u.ID = um.user_id
+ LEFT JOIN {$wpdb->pmpro_memberships_users} mu ON u.ID = mu.user_id
+ LEFT JOIN {$wpdb->pmpro_membership_levels} m ON mu.membership_id = m.id
+ WHERE u.ID BETWEEN %d AND %d AND mu.membership_id > 0
+ AND mu.status = 'active' AND mu.membership_id = %d
+ GROUP BY u.ID
+ ORDER BY u.ID",
+ $first_uid,
+ $last_uid,
+ $l
+ )
+ );
 $userSql = null;
 if (PMPRO_BENCHMARK)
diff --git a/includes/functions.php b/includes/functions.php
index fcba547..2a163a1 100644
--- a/includes/functions.php
+++ b/includes/functions.php
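Review bot: The context line `$userSql = null;` right after the new `$wpdb->get_results(` call in includes/export-csv.php is now dead, because this hunk no longer assigns `$userSql` anywhere; it can be removed. The deleted `// TODO: Only return the latest record ...` comment also goes away without the question being resolved, so keep it above the call if it is still open. The enclosing loop starts and ends outside the hunk.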
@@ -72,8 +72,13 @@ function pmpromc_pmpro_after_change_membership_level( $level_id, $user_id ) {
 if ( $options['unsubscribe'] != '0' ) {
 // Get levels in (admin_changed, inactive, changed) status with modified dates within the past few minutes.
 global $wpdb;
- $sql_query = $wpdb->prepare( "SELECT DISTINCT(membership_id) FROM $wpdb->pmpro_memberships_users WHERE user_id = %d AND membership_id NOT IN(%s) AND status IN('admin_changed', 'admin_cancelled', 'cancelled', 'changed', 'expired', 'inactive') AND modified > NOW() - INTERVAL 15 MINUTE ", $user_id, implode(',', $user_level_ids) );
- $levels_unsubscribing_from = $wpdb->get_col( $sql_query );
+ $levels_unsubscribing_from = $wpdb->get_col(
+ $wpdb->prepare(
+ "SELECT DISTINCT(membership_id) FROM $wpdb->pmpro_memberships_users WHERE user_id = %d AND membership_id NOT IN(%s) AND status IN('admin_changed', 'admin_cancelled', 'cancelled', 'changed', 'expired', 'inactive') AND modified > NOW() - INTERVAL 15 MINUTE ",
+ $user_id,
+ implode(',', $user_level_ids)
+ )
+ );
 foreach ( $levels_unsubscribing_from as $unsub_level_id ) {
 if ( ! empty( $options[ 'level_' . $unsub_level_id . '_lists' ] ) ) {
 $unsubscribe_audiences = array_merge( $unsubscribe_audiences, $options[ 'level_' . $unsub_level_id . '_lists' ] );
diff --git a/includes/settings.php b/includes/settings.php
index 9a0cc23..a17dfae 100644
--- a/includes/settings.php
+++ b/includes/settings.php
@@ -507,15 +507,25 @@ function pmpromc_sync_merge_fields_ajax()
 $last_user_id = get_option('pmpromc_sync_merge_fields_last_user_id', 0);
 $limit = 3;
 $options = get_option("pmpromc_options");
- $all_lists = get_option("pmpromc_all_lists");
 //get next batch of users
- $user_ids = $wpdb->get_col("SELECT DISTINCT(user_id) FROM $wpdb->pmpro_memberships_users WHERE status = 'active' AND user_id > $last_user_id ORDER BY user_id LIMIT $limit");
+ $user_ids = $wpdb->get_col(
+ $wpdb->prepare(
+ "SELECT DISTINCT(user_id) FROM $wpdb->pmpro_memberships_users WHERE status = 'active' AND user_id > %d ORDER BY user_id LIMIT %d",
+ $last_user_id,
+ $limit
+ )
+ );
 //track progress
 $first_load = get_transient('pmpro_updates_first_load');
 if ($first_load) {
- $total_users = $wpdb->get_var("SELECT COUNT(DISTINCT(user_id)) FROM $wpdb->pmpro_memberships_users WHERE user_id > $last_user_id");
+ $total_users = $wpdb->get_var(
+ $wpdb->prepare(
+ "SELECT COUNT(DISTINCT(user_id)) FROM $wpdb->pmpro_memberships_users WHERE status = 'active' AND user_id > %d",
+ $last_user_id
+ )
+ );
 update_option('pmpromc_sync_merge_fields_total', $total_users, 'no');
 $progress = 0;
 } else {
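Review bot: The count query in includes/settings.php gains `status = 'active'`, which changes the value stored in `pmpromc_sync_merge_fields_total` and is more than a conversion to `prepare()`. A short comment above it, such as `// Count only active memberships so the total matches the batch query.`, would record that the change is intentional. The body of `pmpromc_sync_merge_fields_ajax()` starts before and continues after the hunk, so whether the handler checks a capability or nonce before running these queries is not visible here.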