From fa97839088dd0de1df73a990255edce7eddf90d9 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 21 Nov 2004 08:25:17 +0000
Subject: - Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend. Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
---
 includes/locale.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'includes/locale.inc')
diff --git a/includes/locale.inc b/includes/locale.inc
index 8a79b3dc9..b68d38a13 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1012,16 +1012,16 @@ function _locale_string_seek() {
   // Compute LIKE section
   switch ($query->searchin) {
     case 'translated':
-      $where = "WHERE (t.translation LIKE '%". check_query($query->string) ."%' AND t.translation != '')";
+      $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')";
       $orderby = "ORDER BY t.translation";
       break;
     case 'untranslated':
-      $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' AND t.translation = '')";
+      $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')";
       $orderby = "ORDER BY s.source";
       break;
     case 'all' :
     default:
-      $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' OR t.translation LIKE '%". check_query($query->string) ."%')";
+      $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')";
       $orderby = '';
       break;
   }
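Review bot: The escaped search string on the added `$where` lines is still interpolated straight into a LIKE pattern, and db_escape_string only protects the string literal (quotes and backslashes, via the backend functions named in the description), so a user-supplied `%` or `_` in `$query->string` keeps its wildcard meaning and a search term such as `100%` or a lone `%` matches far more rows than the user asked for. The same pattern recurs on the `case "en":` line of the second hunk, while the third hunk's `$query->language` is a plain equality and is fine as changed. Escaping the LIKE metacharacters before the literal escape, e.g. `$escaped = db_escape_string(strtr($query->string, array('%' => '\%', '_' => '\_')));` (the escape character is backend-dependent, so confirm against each driver), and reusing `$escaped` in every branch would also remove the duplicated call in the `default:` branch. _locale_string_seek begins before this hunk and continues after it.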
@@ -1029,7 +1029,7 @@ function _locale_string_seek() {
   switch ($query->language) {
     // Force search in source strings
     case "en":
-      $sql = $join ." WHERE s.source LIKE '%". check_query($query->string) ."%' ORDER BY s.source";
+      $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source";
       break;
     // Search in all languages
     case "all":
@@ -1037,7 +1037,7 @@ function _locale_string_seek() {
       break;
     // Some different language
     default:
-      $sql = "$join $where AND t.locale = '". check_query($query->language) ."' $orderby";
+      $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby";
   }
   $result = pager_query($sql, 50);
--
cgit v1.2.3