From eecbda5635a1621e323d8b7328a253ff945cb96c Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Fri, 24 Sep 2004 20:04:54 +0000
Subject: [PATCH] - Fixing user_load() to use sprintf db_query syntax. Uglier,
 but safer.

---
 modules/user.module      | 15 +++++++++++----
 modules/user/user.module | 15 +++++++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/modules/user.module b/modules/user.module
index d780cd6df95b..d616f21b3865 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -44,18 +44,25 @@ function user_load($array = array()) {
   // Dynamically compose a SQL query:
   $query = '';
 
+  $params = array();
   foreach ($array as $key => $value) {
     if ($key == 'pass') {
-      $query .= "u.$key = '". md5($value) ."' AND ";
+      $query .= "u.$key = '%s' AND ";
+      $params[] = md5($value);
     }
     else if ($key == 'uid') {
-      $query .= "u.uid = ". check_query($value) ." AND ";
+      $query .= "u.uid = %d AND ";
+      $params[] = $value;
     }
     else {
-      $query .= "LOWER(u.$key) = '". strtolower(check_query($value)) ."' AND ";
+      $query .= "LOWER(u.$key) = '%s' AND ";
+      $params[] = strtolower($value);
     }
   }
-  $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", 0, 1);
+  array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
+  $params[] = 0;
+  $params[] = 1;
+  $result = call_user_func_array('db_query_range', $params);
 
   if (db_num_rows($result)) {
     $user = db_fetch_object($result);
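Review bot: The column name `$key` is still concatenated unescaped into the SQL in `u.$key = '%s'` and `LOWER(u.$key) = '%s'`, and because that string then serves as the sprintf format passed to `db_query_range`, a key containing `%` or SQL tokens is neither escaped nor parameterised — only the values were moved into `$params`. Whether any caller hands user-controlled keys to `user_load()` is not visible here, but the function accepts an arbitrary array, so I would reject unexpected keys before they reach the query, e.g. `if (!preg_match('/^[a-z_]+$/', $key)) { continue; }` at the top of the loop, or better, compare each key against an explicit list of `{users}` columns. The `%d` placeholder for `uid` is fine, since a non-numeric value collapses to 0 rather than into the query text. The body of `user_load()` continues past the end of this hunk.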
diff --git a/modules/user/user.module b/modules/user/user.module
index d780cd6df95b..d616f21b3865 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -44,18 +44,25 @@ function user_load($array = array()) {
   // Dynamically compose a SQL query:
   $query = '';
 
+  $params = array();
   foreach ($array as $key => $value) {
     if ($key == 'pass') {
-      $query .= "u.$key = '". md5($value) ."' AND ";
+      $query .= "u.$key = '%s' AND ";
+      $params[] = md5($value);
     }
     else if ($key == 'uid') {
-      $query .= "u.uid = ". check_query($value) ." AND ";
+      $query .= "u.uid = %d AND ";
+      $params[] = $value;
     }
     else {
-      $query .= "LOWER(u.$key) = '". strtolower(check_query($value)) ."' AND ";
+      $query .= "LOWER(u.$key) = '%s' AND ";
+      $params[] = strtolower($value);
     }
   }
-  $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", 0, 1);
+  array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
+  $params[] = 0;
+  $params[] = 1;
+  $result = call_user_func_array('db_query_range', $params);
 
   if (db_num_rows($result)) {
     $user = db_fetch_object($result);
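Review bot: Same point as for modules/user.module: the column name `$key` is still interpolated unescaped into `u.$key = '%s'` and `LOWER(u.$key) = '%s'`, and since that string is also the sprintf format handed to `db_query_range`, a key with `%` or SQL tokens bypasses the new parameterisation entirely. I would guard the loop with `if (!preg_match('/^[a-z_]+$/', $key)) { continue; }` or, preferably, check each key against a fixed list of `{users}` columns, since callers of `user_load()` are not visible from this patch and the array is unconstrained. The function continues past the end of the hunk.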
-- 
GitLab