diff options
Diffstat (limited to 'modules/comment/comment.module')
| -rw-r--r-- | modules/comment/comment.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 789f7c27f..811091a35 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -754,7 +754,7 @@ function comment_render($node, $cid = 0) { else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -846,7 +846,7 @@ function comment_render($node, $cid = 0) { } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = '". db_escape_string($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = %d", $nid); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '<form method="post" action="'. url('comment') ."\"><div>\n"; $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page); @@ -1006,7 +1006,7 @@ function comment_admin_overview($type = 'new') { $status = ($type == 'approval') ? 1 : 0; $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status); $sql .= tablesort_sql($header); - $result = pager_query($sql, 50); + $result = pager_query($sql, 50); while ($comment = db_fetch_object($result)) { $comment->name = $comment->uid ? $comment->registered_name : $comment->name; |