author | Steven Wittens <steven@10.no-reply.drupal.org> | 2005-01-19 01:46:25 +0000 |
---|---|---|
committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2005-01-19 01:46:25 +0000 |
commit | 09bd156ba212f56cc62de85c53f14127c719522b (patch) | |
tree | 226933be541577bc1d347cd1ae02c7a18b155673 /modules/comment/comment.module | |
parent | 86af977ecaebbed31d2897bdf6f3b829b0be924c (diff) | |
download | brdo-09bd156ba212f56cc62de85c53f14127c719522b.tar.gz brdo-09bd156ba212f56cc62de85c53f14127c719522b.tar.bz2 |
- Fix tracker pager count query being wrong (it did not return a count but a set, and it counted nodes with more than 1 comment as multiple nodes).
- Clean up various SQL queries: removing literally inserted data (db_escape_string is evil!), fixing single "%" which should be "%%", fixing integers being compared as strings.
Diffstat (limited to 'modules/comment/comment.module')
-rw-r--r-- | modules/comment/comment.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 789f7c27f..811091a35 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -754,7 +754,7 @@ function comment_render($node, $cid = 0) {
 else {
 // Multiple comment view
- $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
+ $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = 0";
 $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
@@ -846,7 +846,7 @@ function comment_render($node, $cid = 0) {
 }
 // Start a form, for use with comment control and moderation.
- $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = '". db_escape_string($nid) ."'");
+ $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = %d", $nid);
 if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
 $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
 $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
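Review bot: The `%d` added to `$query` in the first hunk is bound only when the string reaches `pager_query(..., $nid)` in the second hunk, roughly ninety lines later in comment_render, and whatever is appended to `$query` in between lies outside both hunks. If pager_query runs the whole string through placeholder substitution once arguments are supplied, any literal `%` or directly interpolated value in those intermediate clauses would be read as a format directive, so they should be checked and literal percent signs written as `%%`. A comment beside the placeholder, for example `// %d is bound to $nid by the pager_query() call below`, would keep the two halves from drifting apart. It is also worth confirming that the single trailing `$nid` is applied to both the main query and the count query, since each now carries exactly one `%d`. The body of comment_render starts and ends outside these hunks.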
@@ -1006,7 +1006,7 @@ function comment_admin_overview($type = 'new') {
 $status = ($type == 'approval') ? 1 : 0;
 $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
 $sql .= tablesort_sql($header);
- $result = pager_query($sql, 50);
+ $result = pager_query($sql, 50);
 while ($comment = db_fetch_object($result)) {
 $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
|
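Review bot: The context line ending in `WHERE c.status = '. db_escape_string($status);` still concatenates a value into the SQL text, which is the pattern this commit removes in the other hunks; the only changed line here is a whitespace edit to `pager_query($sql, 50)`. `$status` is fixed to 1 or 0 by the ternary above it, so nothing caller-controlled reaches the query, but string escaping without surrounding quotes gives no protection in a numeric position and the line invites copying. For consistency it could end in `WHERE c.status = %d` with `$status` passed as a trailing argument to pager_query, provided pager_query accepts an empty count query ahead of the arguments and the output of `tablesort_sql($header)` contains no literal `%`. comment_admin_overview continues outside the hunk.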