From a04728577f34b98936c53799ccf1f2aaf7f3ff03 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Mon, 29 Dec 2008 16:03:57 +0000
Subject: - Patch #352054 by catch: convert calls to db_placeholders() in
 static queries.

---
 modules/user/user.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/user/user.module')

diff --git a/modules/user/user.module b/modules/user/user.module
index f97811cc1..6282d35c5 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -489,7 +489,7 @@ function user_role_permissions($roles = array(), $reset = FALSE) {
     if ($fetch) {
       // Get from the database permissions that were not in the static variable.
       // Only role IDs with at least one permission assigned will return rows.
-      $result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($fetch) . ")", $fetch);
+      $result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (:fetch)", array(':fetch' => $fetch));
 
       while ($row = db_fetch_array($result)) {
         $stored_permissions[$row['rid']][$row['permission']] = TRUE;
-- 
cgit v1.2.3