Commit 4cef0f12 authored by Steven Wittens's avatar Steven Wittens

Fixed bug in query: if "%" is used in an SQL query, it needs to be escaped as...

Fixed bug in query: if "%" is used in an SQL query, it needs to be escaped as %% because otherwise it can get parsed by the sprintf() in db_query().
See: http://drupal.org/node/view/5531

(present in HEAD as well)
parent 7ce34a1c
......@@ -30,7 +30,7 @@ function title_page() {
if (db_num_rows($result) == 0) {
// No node with exact title found, try substring.
$result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%". check_query($title) ."%' AND n.status = 1 ORDER BY n.created DESC");
$result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%%%s%%' AND n.status = 1 ORDER BY n.created DESC", $title);
}
if (db_num_rows($result) == 0 && module_exist("search")) {
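Review bot: In the rewritten substring query, `$title` is now escaped only by whatever db_query() does to its arguments, because the explicit `check_query($title)` is gone; that handling is not visible in this hunk, so confirm db_query() escapes every `%s` argument before this ships. Separately, `%` and `_` inside `$title` still act as LIKE wildcards in `LIKE '%%%s%%'`, so a title of `%` would match every published node. If literal matching is intended, escape them before the call, for example `$title = addcslashes($title, '%_');`, assuming backslash is the LIKE escape character on the databases in use. A short comment above the call, such as `// %% is a literal % after db_query()'s sprintf(); %s receives the escaped title.`, would keep the next editor from collapsing the doubled percent signs. The body of title_page() starts and continues outside the hunk, so the origin of `$title` cannot be checked here.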
......