authorDries Buytaert <dries@buytaert.net>2004-11-21 08:25:17 +0000
committerDries Buytaert <dries@buytaert.net>2004-11-21 08:25:17 +0000
commitfa97839088dd0de1df73a990255edce7eddf90d9 (patch)
treeddea053e39d55040400026ce1886464403b6f491 /includes/locale.inc
parentdc32e54f31e2b1308d5a6813dd644477076ec48d (diff)
- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemented it properly per database backend.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
Diffstat (limited to 'includes/locale.inc')
-rw-r--r--includes/locale.inc10
1 files changed, 5 insertions, 5 deletions
diff --git a/includes/locale.inc b/includes/locale.inc
index 8a79b3dc9..b68d38a13 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1012,16 +1012,16 @@ function _locale_string_seek() {
// Compute LIKE section
switch ($query->searchin) {
case 'translated':
- $where = "WHERE (t.translation LIKE '%". check_query($query->string) ."%' AND t.translation != '')";
+ $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')";
$orderby = "ORDER BY t.translation";
break;
case 'untranslated':
- $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' AND t.translation = '')";
+ $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')";
$orderby = "ORDER BY s.source";
break;
case 'all' :
default:
- $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' OR t.translation LIKE '%". check_query($query->string) ."%')";
+ $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')";
$orderby = '';
break;
}
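Review bot: The four `LIKE '%...%'` patterns in this switch, and the `case "en":` query in the next hunk, still treat `%` and `_` in `$query->string` as wildcards, because `db_escape_string()` only makes the value safe inside the quoted literal. A search for a literal percent sign or underscore therefore matches more rows than the user asked for, and a wildcard-only search term scans the whole table. I would escape the LIKE metacharacters before the literal escaping, once at the top of the function, for example `$string = db_escape_string(addcslashes($query->string, '\\%_'));`, and reuse `$string` in every branch, which also removes the five repeated calls. Whether backslash is the LIKE escape character on every supported backend needs confirming, since `db_escape_string()` is defined outside this file and some engines require an explicit `ESCAPE` clause. `_locale_string_seek()` starts and ends outside the hunk.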
@@ -1029,7 +1029,7 @@ function _locale_string_seek() {
switch ($query->language) {
// Force search in source strings
case "en":
- $sql = $join ." WHERE s.source LIKE '%". check_query($query->string) ."%' ORDER BY s.source";
+ $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source";
break;
// Search in all languages
case "all":
@@ -1037,7 +1037,7 @@ function _locale_string_seek() {
break;
// Some different language
default:
- $sql = "$join $where AND t.locale = '". check_query($query->language) ."' $orderby";
+ $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby";
}
$result = pager_query($sql, 50);