From fa97839088dd0de1df73a990255edce7eddf90d9 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 21 Nov 2004 08:25:17 +0000
Subject: - Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend. Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
---
 modules/node/node.module | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'modules/node/node.module')
diff --git a/modules/node/node.module b/modules/node/node.module
index 76270f76e..f56379f04 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) {
 // Turn the conditions into a query.
 foreach ($conditions as $key => $value) {
- $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'";
+ $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'";
 }
 // Retrieve the node.
@@ -452,7 +452,7 @@ function node_save($node) {
 // Prepare the query:
 foreach ($node as $key => $value) {
 if (in_array($key, $fields)) {
- $k[] = check_query($key);
+ $k[] = db_escape_string($key);
 $v[] = $value;
 $s[] = "'%s'";
 }
@@ -478,7 +478,7 @@ function node_save($node) {
 // Prepare the query:
 foreach ($node as $key => $value) {
 if (in_array($key, $fields)) {
- $q[] = check_query($key) ." = '%s'";
+ $q[] = db_escape_string($key) ." = '%s'";
 $v[] = $value;
 }
 }
-- 
cgit v1.2.3
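Review bot: In the node_load() hunk, `$key` is concatenated after `'n.'` as a bare column name, and `db_escape_string()` only neutralises characters that would end a quoted string literal, so it gives no protection in an identifier position. Unlike the two node_save() hunks, nothing visible here restricts the key to a known column, so whether `$conditions` keys can ever come from request data has to be checked at the call sites, which are outside this hunk. The key should be compared with a fixed list of node columns before the query is built, for example `if (!in_array($key, $node_columns, TRUE)) { return FALSE; }`, where `$node_columns` is a placeholder for whatever list the module settles on. The function body starts and continues outside the hunk, so the right failure value is an assumption.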
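Review bot: In both node_save() hunks the call `db_escape_string($key)` runs on a key that has already passed `in_array($key, $fields)`, so the allow-list is what makes the column name safe and the escape call adds nothing for an identifier. That deserves a comment above the `if`, such as `// $key is used as a column name: the $fields allow-list is the safeguard here, string escaping would not be.`, so the check is not later dropped on the assumption that escaping covers it. `$fields` is defined outside both hunks, so its contents are assumed to be fixed column names. The same comment applies at the `$q[] = db_escape_string($key) ." = '%s'";` line in the third hunk.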