diff options
author | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
commit | fa97839088dd0de1df73a990255edce7eddf90d9 (patch) | |
tree | ddea053e39d55040400026ce1886464403b6f491 /modules/locale.module | |
parent | dc32e54f31e2b1308d5a6813dd644477076ec48d (diff) | |
download | brdo-fa97839088dd0de1df73a990255edce7eddf90d9.tar.gz brdo-fa97839088dd0de1df73a990255edce7eddf90d9.tar.bz2 |
- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
Diffstat (limited to 'modules/locale.module')
-rw-r--r-- | modules/locale.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/locale.module b/modules/locale.module index f828f86eb..f6be43d65 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -428,11 +428,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(check_query(arg(4))); + $output .= _locale_string_delete(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(check_query(arg(4))); + $output .= _locale_string_edit(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case t('Search'): @@ -441,7 +441,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(check_query(arg(4))); + $output .= _locale_string_save(db_escape_string(arg(4))); drupal_goto('admin/locale/string/search'); break; default: |