Skip to content
This repository has been archived by the owner on May 4, 2023. It is now read-only.

Commit

Permalink
#227548 by Heine, AjK: misuse of db_escape_string(), when db_escape_t…
Browse files Browse the repository at this point in the history 
…able() should have been used
  • Loading branch information
goba committed Feb 27, 2008
1 parent 1567cce commit 021f59b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions modules/node/node.module
View file
@@ -1,5 +1,5 @@
<?php
// $Id: node.module,v 1.947.2.2 2008-02-13 14:10:22 goba Exp $
// $Id: node.module,v 1.947.2.3 2008-02-27 17:12:58 goba Exp $

/**
* @file
Expand Down Expand Up @@ -716,7 +716,7 @@ function node_load($param = array(), $revision = NULL, $reset = NULL) {
elseif (is_array($param)) {
// Turn the conditions into a query.
foreach ($param as $key => $value) {
$cond[] = 'n.'. db_escape_string($key) ." = '%s'";
$cond[] = 'n.'. db_escape_table($key) ." = '%s'";
$arguments[] = $value;
}
$cond = implode(' AND ', $cond);
Expand Down

0 comments on commit 021f59b

Please sign in to comment.