author | Dries Buytaert <dries@buytaert.net> | 2004-07-25 14:25:42 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2004-07-25 14:25:42 +0000 |
commit | 702a057683c51f4fdbaaeb8f963ec282caab6d14 (patch) | |
tree | 79c689bf5c3c4253c8aa5f8a75b79bbd9dbafefa /modules/profile/profile.module | |
parent | d8d524ffef3c08a44f6563fb76af5fb55a6f397c (diff) | |
- Patch #9478 by JonBob: allow printf-style arguments in pager_query.
Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.
This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
Diffstat (limited to 'modules/profile/profile.module')
-rw-r--r-- | modules/profile/profile.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/profile/profile.module b/modules/profile/profile.module index 61eca0aa2..b61470b39 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -83,7 +83,7 @@ function profile_browse() { } // Extract the affected users: - $result = pager_query("SELECT u.uid FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = $field->fid AND $query ORDER BY u.changed DESC", 20); + $result = pager_query("SELECT u.uid FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = %d AND $query ORDER BY u.changed DESC", 20, 0, NULL, $field->fid); $output = '<div id="profile">'; while ($account = db_fetch_object($result)) { |
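Review bot: the new `pager_query()` call in `profile_browse()` still interpolates `$query` straight into the SQL string (`AND $query ORDER BY u.changed DESC`); only `$field->fid` has moved to a `%d` placeholder. The commit message gives direct variable substitution as the thing to avoid, so this call only partly meets that goal. The code that builds `$query` is above the hunk and not visible here. Please either build that fragment with placeholders and pass its values as further arguments after `$field->fid`, or confirm that every value going into it is escaped where it is assembled. Two smaller points on the same line. Now that the string is handled as a printf-style format, check whether a literal `%` inside `$query` (for example from a LIKE pattern) would need to be written as `%%`. The positional `0, NULL` are there only to reach the argument list, so a short comment naming those two parameters would help the next reader.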