author | Friendika <info@friendika.com> | 2010-11-09 15:11:47 -0800 |
---|---|---|
committer | Friendika <info@friendika.com> | 2010-11-09 15:11:47 -0800 |
commit | f7c0480f1b69c44d5daf47d343aaba44ebd26ec2 (patch) | |
tree | 20765a582cf3e781cf670103686f31e68686081d /include | |
parent | c50f491c3dd6df917c86d8074ebfdba22f96558d (diff) | |
use raw db queries wherever query items could contain '%'
Diffstat (limited to 'include')
-rw-r--r-- | include/dba.php | 10 | ||||
-rw-r--r-- | include/items.php | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/include/dba.php b/include/dba.php
index 044263194..54084d835 100644
--- a/include/dba.php
+++ b/include/dba.php
@@ -134,6 +134,16 @@ function q($sql) {
 return $ret;
 }}
+// raw db query, no arguments
+
+if(! function_exists('dbq')) {
+function dbq($sql) {
+
+ global $db;
+ $ret = $db->q($sql);
+ return $ret;
+}}
+
 // Caller is responsible for ensuring that any integer arguments to
 // dbesc_array are actually integers and not malformed strings containing
diff --git a/include/items.php b/include/items.php
index c10701b67..20f843613 100644
--- a/include/items.php
+++ b/include/items.php
@@ -550,7 +550,7 @@ function item_store($arr) {
 logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
- $r = q("INSERT INTO `item` (`"
+ $r = dbq("INSERT INTO `item` (`"
 . implode("`, `", array_keys($arr))
 . "`) VALUES ('"
 . implode("', '", array_values($arr)) |
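Review bot: The comment above `dbq()` says only "raw db query, no arguments" and leaves out the contract that makes the function safe to call: the string is passed to `$db->q($sql)` unchanged, so every value a caller concatenates into it must already be escaped or cast to int. I would expand it to something like `// raw db query, no arguments: $sql is sent as-is (no vsprintf), so callers must escape or int-cast every interpolated value first`. The comment on `dbesc_array` just below already states a similar caller responsibility, and spelling it out here keeps the two helpers consistent for the next person who reaches for `dbq()`.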
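Review bot: The INSERT in `item_store()` is built entirely by concatenating `array_keys($arr)` and `array_values($arr)` into the statement and now goes through `dbq()`, so nothing between this line and the database inspects the string. Whether `$arr` was escaped earlier cannot be seen here, because item_store starts and ends outside the hunk; if it was, a comment directly above the call such as `// $arr must already be escaped (dbesc_array); dbq() sends this string unmodified` would pin that dependency. The column names are interpolated too, so restricting the keys to a fixed list of `item` columns before the implode would be a worthwhile guard. The `logger()` call above also writes the whole of `$arr` to the log at `LOGGER_DATA` level, which is worth keeping in mind if items can carry private content.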