From 702a057683c51f4fdbaaeb8f963ec282caab6d14 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 25 Jul 2004 14:25:42 +0000
Subject: - Patch #9478 by JonBob: allow printf-style arguments in pager_query.

  Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.

  This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
---
 modules/blog.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/blog.module')

diff --git a/modules/blog.module b/modules/blog.module
index 90ed4252e..ba9a38600 100644
--- a/modules/blog.module
+++ b/modules/blog.module
@@ -143,7 +143,7 @@ function blog_page_user($uid) {
   $title = t("%name's blog", array('%name' => $account->name));
   $output = '';
 
-  $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = '$account->uid' AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10));
+  $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
   while ($node = db_fetch_object($result)) {
     $output .= node_view(node_load(array('nid' => $node->nid)), 1);
   }
-- 
cgit v1.2.3