diff options
| author | Steven Wittens <steven@10.no-reply.drupal.org> | 2004-02-01 17:55:11 +0000 |
|---|---|---|
| committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2004-02-01 17:55:11 +0000 |
| commit | 4cef0f12c8933ba881c12666f18dfeeacf002266 (patch) | |
| tree | 4772a8117cc0d143fbd0ac9284fdf5687aaefc3a | |
| parent | 7ce34a1c64bc9518e971df31d8e10189818e1958 (diff) | |
| download | brdo-4cef0f12c8933ba881c12666f18dfeeacf002266.tar.gz brdo-4cef0f12c8933ba881c12666f18dfeeacf002266.tar.bz2 | |
Fixed bug in query: if "%" is used in an SQL query, it needs to be escaped as %% because otherwise it can get parsed by the sprintf() in db_query().
See: http://drupal.org/node/view/5531
(present in HEAD as well)
| -rw-r--r-- | modules/title.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/title.module b/modules/title.module index 45fe9e284..e109a1851 100644 --- a/modules/title.module +++ b/modules/title.module @@ -30,7 +30,7 @@ function title_page() { if (db_num_rows($result) == 0) { // No node with exact title found, try substring. - $result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%". check_query($title) ."%' AND n.status = 1 ORDER BY n.created DESC"); + $result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%%%s%%' AND n.status = 1 ORDER BY n.created DESC", $title); } if (db_num_rows($result) == 0 && module_exist("search")) { |