From f7c0480f1b69c44d5daf47d343aaba44ebd26ec2 Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Tue, 9 Nov 2010 15:11:47 -0800
Subject: use raw db queries wherever query items could contain '%'

---
 include/dba.php   | 10 ++++++++++
 include/items.php |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/dba.php b/include/dba.php
index 044263194..54084d835 100644
--- a/include/dba.php
+++ b/include/dba.php
@@ -134,6 +134,16 @@ function q($sql) {
 	return $ret;
 }}
 
+// raw db query, no arguments
+
+if(! function_exists('dbq')) { 
+function dbq($sql) {
+
+	global $db;
+	$ret = $db->q($sql);
+	return $ret;
+}}
+
 
 // Caller is responsible for ensuring that any integer arguments to 
 // dbesc_array are actually integers and not malformed strings containing
diff --git a/include/items.php b/include/items.php
index c10701b67..20f843613 100644
--- a/include/items.php
+++ b/include/items.php
@@ -550,7 +550,7 @@ function item_store($arr) {
 
 	logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
 
-	$r = q("INSERT INTO `item` (`" 
+	$r = dbq("INSERT INTO `item` (`" 
 			. implode("`, `", array_keys($arr)) 
 			. "`) VALUES ('" 
 			. implode("', '", array_values($arr)) 
-- 
cgit v1.2.3