From 4cef0f12c8933ba881c12666f18dfeeacf002266 Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Sun, 1 Feb 2004 17:55:11 +0000
Subject: Fixed bug in query: if "%" is used in an SQL query, it needs to be
 escaped as %% because otherwise it can get parsed by the sprintf() in
 db_query(). See: http://drupal.org/node/view/5531

(present in HEAD as well)
---
 modules/title.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/title.module b/modules/title.module
index 45fe9e284..e109a1851 100644
--- a/modules/title.module
+++ b/modules/title.module
@@ -30,7 +30,7 @@ function title_page() {
 
     if (db_num_rows($result) == 0) {
       // No node with exact title found, try substring.
-      $result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%". check_query($title) ."%' AND n.status = 1 ORDER BY n.created DESC");
+      $result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%%%s%%' AND n.status = 1 ORDER BY n.created DESC", $title);
     }
 
     if (db_num_rows($result) == 0 && module_exist("search")) {
-- 
cgit v1.2.3