From fa97839088dd0de1df73a990255edce7eddf90d9 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 21 Nov 2004 08:25:17 +0000
Subject: - Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend. Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
---
 modules/taxonomy.module | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/taxonomy.module')
diff --git a/modules/taxonomy.module b/modules/taxonomy.module
index 42ece7d17..6ef41d12b 100644
--- a/modules/taxonomy.module
+++ b/modules/taxonomy.module
@@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') {
 function _taxonomy_prepare_update($data) {
 foreach ($data as $key => $value) {
- $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'";
+ $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'";
 }
 $result = implode(', ', $q);
 return $result;
@@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) {
 }
 else {
 foreach (array_values($data) as $value) {
- $q[] = "'". str_replace('%', '%%', check_query($value)) ."'";
+ $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'";
 }
 $result = implode(', ', $q);
 }
--
cgit v1.2.3
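Review bot: In `_taxonomy_prepare_update` the changed line escapes only `$value`, while `$key` is still interpolated into the SET clause as a bare column name, so the fragment is injection-safe only if every caller builds `$data` with fixed, code-defined keys. The callers are outside this diff, so I would at least document that contract above the loop: `// $key becomes a column name and is NOT escaped; callers must never pass user-supplied keys.` Both hunks (this one and the `_taxonomy_prepare_insert` loop) also hand-quote each value and double `%` so the string survives being spliced into a later format string, presumably `db_query()`; passing the values as query arguments with `'%s'` placeholders would keep quoting and escaping in one place per backend. Both function bodies continue outside the hunks shown.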