From 09bd156ba212f56cc62de85c53f14127c719522b Mon Sep 17 00:00:00 2001
From: Steven Wittens
Date: Wed, 19 Jan 2005 01:46:25 +0000
Subject: - Fix tracker pager count query being wrong (it did not return a count but a set, and it counted nodes with more than 1 comment as multiple nodes). - Clean up various SQL queries: removing literally inserted data (db_escape_string is evil!), fixing single "%" which should be "%%", fixing integers being compared as strings.
---
 modules/comment/comment.module | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'modules/comment/comment.module')
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 789f7c27f..811091a35 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -754,7 +754,7 @@ function comment_render($node, $cid = 0) {
 else {
 // Multiple comment view
- $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
+ $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = 0";
 $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
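Review bot: The `%d` on the new `$query` line has no argument beside it; it is bound only when `$nid` is passed as the trailing argument of `pager_query()` in the second hunk (line 846), about ninety lines later in `comment_render()`. Anything appended to `$query` between the two points presumably passes through the same format substitution, so a literal `%` must be written as `%%` (as the commit message notes) and an extra placeholder would shift the binding for the count query as well. A comment on the new line would keep that contract visible: `// %d is bound to $nid by the pager_query() call below; any literal % added to $query must be %%.` The function starts and ends outside this hunk, so the code between lines 760 and 846 could not be checked here.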
@@ -846,7 +846,7 @@ function comment_render($node, $cid = 0) {
 }
 // Start a form, for use with comment control and moderation.
- $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = '". db_escape_string($nid) ."'");
+ $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = %d", $nid);
 if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
 $output .= '
\n";
 $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
@@ -1006,7 +1006,7 @@ function comment_admin_overview($type = 'new') {
 $status = ($type == 'approval') ? 1 : 0;
 $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
 $sql .= tablesort_sql($header);
- $result = pager_query($sql, 50);
+ $result = pager_query($sql, 50);
 while ($comment = db_fetch_object($result)) {
 $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
-- 
cgit v1.2.3
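Review bot: `comment_admin_overview()` still builds its query with `WHERE c.status = '. db_escape_string($status)` on the unchanged context line of the last hunk, which is the pattern this commit sets out to remove. The value is unquoted in the SQL, so string escaping gives no protection in that position; it is safe only because `$status` is fixed to 1 or 0 by the ternary on the line above. For consistency with the other two hunks, use a placeholder: end the string with `WHERE c.status = %d';` and call `$result = pager_query($sql, 50, 0, NULL, $status);`, following the argument order used at line 846. The only visible change in this hunk looks whitespace-only, and the function body continues outside it.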