Hello,

    Great plugin, but I have a few propositions for it.

    First of all, it’s security. I believe
    $sptitle = $_POST['sptitle'];

    should become
    $sptitle = esc_sql(sanitize_text_field($_POST['sptitle']));

    And the second issue is that the current post will be shown in the similar list. To avoid this behavior I sent post_id:

    jQuery("#title").on('keyup', function(){
        jQuery("#spresulte").html('<div class="spinner"></div>');
        var sptitle = jQuery(this).val();
        // ID of the post being edited, taken from the hidden #post_ID field on the edit screen
        var post_id = jQuery("#post_ID").val();
        jQuery.post(ajaxurl, {sptitle: sptitle, post_id: post_id, action: 'sp_ajax_hook'}, function(t){
            // drop the trailing "0" that admin-ajax.php appends when the handler does not call wp_die()
            var e = t.substr(0, t.length - 1);
            jQuery("#spresulte").html(e);
            jQuery('#spresulte').highlight(sptitle);
        });
    });

    and then exclude it from the query:

    // $wpdb and $post_types are assumed to be in scope, as in the plugin's handler
    if($_POST['sptitle'] != ''){
        $sptitle = esc_sql(sanitize_text_field($_POST['sptitle']));
        // cast to int so only a numeric ID can reach the query
        $post_id = (int)$_POST['post_id'];
        $splimit = get_option( 'sp_screen_options_limit', 10);
        $spminchar = get_option( 'sp_screen_options_minchar', 3);

        $splen = mb_strlen($sptitle);
        if($splen >= $spminchar){
            $sql = "
                SELECT *
                FROM ".$wpdb->prefix."posts
                WHERE
                    post_title like '$sptitle%'
                    AND ID != '".$post_id."'
                    AND post_status = 'publish'
                limit 0,$splimit";
            $results = $wpdb->get_results( $sql );
            #echo "<xmp>".print_r($results, true)."</xmp>";
            $out = '';
            if(!empty($results)){
                $out .= "<ul class='postbox'>";
                foreach($results as $result){
                    if(in_array($result->post_type, $post_types)){
                        $out .= "<li><a href='".home_url()."/wp-admin/post.php?post=".$result->ID."&action=edit' target='_blank'>".$result->post_title."</a> [".$result->post_type."]</li>";
                    }
                }
                $out .= "</ul>";
            }
            echo $out;
        }
    }

    Hope this would help to make the plugin better. Please let me know if you have github or bitbucket.

    https://wordpress.org/plugins/similar-post-title-checker/
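The proposal above still builds the LIKE pattern by string concatenation, and esc_sql() does not neutralise the `%` and `_` LIKE wildcards, so a title such as `%` would match every post. The following is an added example, not the plugin's or the poster's code, of the same handler written with `$wpdb->prepare()` and `$wpdb->esc_like()`, a capability check and a nonce, and escaped output. The function name, the nonce action `sp_ajax_nonce`, and the `$post_types` list are assumptions; the hook name and option names are the ones used on this page.

```php
<?php
// Added example (not the plugin's own code): hardened version of the sp_ajax_hook handler.
// Assumptions: the nonce action 'sp_ajax_nonce' is added to the script's POST data,
// and $post_types is the plugin's list of searchable post types (stubbed here).

add_action( 'wp_ajax_sp_ajax_hook', 'sp_ajax_hook_prepared' );

function sp_ajax_hook_prepared() {
    global $wpdb;

    // Only logged-in users who can edit posts should be able to enumerate titles.
    check_ajax_referer( 'sp_ajax_nonce', 'nonce' ); // assumed nonce action name
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $sptitle    = isset( $_POST['sptitle'] ) ? sanitize_text_field( wp_unslash( $_POST['sptitle'] ) ) : '';
    $post_id    = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $splimit    = absint( get_option( 'sp_screen_options_limit', 10 ) );
    $spminchar  = absint( get_option( 'sp_screen_options_minchar', 3 ) );
    $post_types = array( 'post', 'page' ); // assumed; the plugin defines its own list

    if ( $sptitle === '' || mb_strlen( $sptitle ) < $spminchar ) {
        wp_send_json_success( '' );
    }

    // esc_like() escapes % and _ in the user's text; prepare() then quotes the whole
    // value, so the only wildcard in the pattern is the trailing % added here.
    $pattern      = $wpdb->esc_like( $sptitle ) . '%';
    $placeholders = implode( ',', array_fill( 0, count( $post_types ), '%s' ) );

    // Filtering on post_type in SQL replaces the in_array() check done in PHP above.
    $sql = $wpdb->prepare(
        "SELECT ID, post_title, post_type FROM {$wpdb->posts}
         WHERE post_title LIKE %s
           AND ID != %d
           AND post_status = 'publish'
           AND post_type IN ($placeholders)
         LIMIT %d",
        array_merge( array( $pattern, $post_id ), $post_types, array( $splimit ) )
    );
    $results = $wpdb->get_results( $sql );

    $out = '';
    if ( ! empty( $results ) ) {
        $out .= "<ul class='postbox'>";
        foreach ( $results as $result ) {
            // Escape everything that came from the database before echoing it into the admin page.
            $out .= sprintf(
                "<li><a href='%s' target='_blank'>%s</a> [%s]</li>",
                esc_url( get_edit_post_link( $result->ID, '' ) ),
                esc_html( $result->post_title ),
                esc_html( $result->post_type )
            );
        }
        $out .= '</ul>';
    }

    // wp_send_json_success() calls wp_die(), so admin-ajax.php appends no trailing "0"
    // and the substr() trick in the JavaScript is no longer needed.
    wp_send_json_success( $out );
}
```

Because the response is now JSON, the jQuery callback reads the markup from `t.data` instead of trimming the last character, and the script's POST data gains a `nonce` field created with `wp_create_nonce('sp_ajax_nonce')`.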

Viewing 1 replies (of 1 total)
The topic ‘Exclude self and security’ is closed to new replies.