From fa97839088dd0de1df73a990255edce7eddf90d9 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 21 Nov 2004 08:25:17 +0000
Subject: - Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend. Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
---
modules/profile/profile.module | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/profile/profile.module')
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 3bf611a03..44d283167 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -86,10 +86,10 @@ function profile_browse() {
 $query = 'v.value = 1';
 break;
 case 'selection':
- $query = "v.value = '". check_query($value) ."'";
+ $query = "v.value = '". db_escape_string($value) ."'";
 break;
 case 'list':
- $query = "v.value LIKE '%%". check_query($value) ."%%'";
+ $query = "v.value LIKE '%%". db_escape_string($value) ."%%'";
 break;
 default:
 drupal_not_found();
-- cgit v1.2.3
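Review bot: In the 'list' branch, db_escape_string() protects the quotes but not the LIKE wildcards, so a $value containing % or _ still alters the pattern (a bare % matches every row); escape those before quoting, e.g. `$query = "v.value LIKE '%%". db_escape_string(strtr($value, ['%' => '\%', '_' => '\_'])) ."%%'";`. The LIKE escape character is backend-dependent, so this may belong in a per-backend helper alongside db_escape_string() rather than inline. The same string-built SQL remains in the 'selection' branch, where a placeholder form would be preferable if the caller's query function supports it. profile_browse() starts and ends outside the hunk, so how $query is consumed later (the doubled %% suggests a printf-style pass) cannot be confirmed from here.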