diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
| commit | fa97839088dd0de1df73a990255edce7eddf90d9 (patch) | |
| tree | ddea053e39d55040400026ce1886464403b6f491 /modules/taxonomy.module | |
| parent | dc32e54f31e2b1308d5a6813dd644477076ec48d (diff) | |
| download | brdo-fa97839088dd0de1df73a990255edce7eddf90d9.tar.gz brdo-fa97839088dd0de1df73a990255edce7eddf90d9.tar.bz2 | |
- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
Diffstat (limited to 'modules/taxonomy.module')
| -rw-r--r-- | modules/taxonomy.module | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/taxonomy.module b/modules/taxonomy.module index 42ece7d17..6ef41d12b 100644 --- a/modules/taxonomy.module +++ b/modules/taxonomy.module @@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') { function _taxonomy_prepare_update($data) { foreach ($data as $key => $value) { - $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); return $result; @@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) { } else { foreach (array_values($data) as $value) { - $q[] = "'". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); } |