Index: includes/coder_security.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/coder/includes/coder_security.inc,v
retrieving revision 1.15.2.10
diff -u -p -r1.15.2.10 coder_security.inc
--- includes/coder_security.inc	13 May 2008 18:04:18 -0000	1.15.2.10
+++ includes/coder_security.inc	18 Jul 2008 22:41:43 -0000
@@ -36,8 +36,8 @@ function coder_security_reviews() {
     ),
     array(
       '#type' => 'regex',
-      '#value' => '^(select\s+.*\s+from\s+'. $table .'|insert\s+into\s+'. $table .'|update\s+'. $table .'\s+set|delete\s+from\s'. $table .')\s+.*\$[^\']',
-      '#source' => 'doublequote',
+      '#value' => 'db_query\s*\(\s*"(select\s+.*\s+from\s+'. $table .'|insert\s+into\s+'. $table .'|update\s+'. $table .'\s+set|delete\s+from\s'. $table .')\s+.*\$[^\'].*".*\)',
+      '#source' => 'allphp',
       '#warning_callback' => '_coder_security_sql_var_warning',
     ),
     array(
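Review bot: Anchoring the pattern on `db_query\s*\(\s*"` drops coverage the old `doublequote` rule had: an interpolated query passed to `update_sql()` (the case the tests/coder_sql.inc fixture in this patch adds) or assigned to a variable and passed to the query function later no longer matches, so those injection-prone calls would go unreported. Widening the prefix to the query functions the rule is meant to cover, for example `(db_query|db_query_range|pager_query|update_sql)\s*\(\s*"`, restores part of that, and keeping the old string-level rule as a second entry would still catch queries built in a variable. Separately, the `.*` runs are not confined to the string literal, so a placeholder query followed by a `$variable` argument and a later double-quoted argument can apparently match as a false positive; using `[^"]*` in place of `.*` between the quotes would avoid that. The array entry sits inside coder_security_reviews(), whose body starts and ends outside the hunk.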
Index: tests/coder_sql.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/coder/tests/Attic/coder_sql.inc,v
retrieving revision 1.1.4.10
diff -u -p -r1.1.4.10 coder_sql.inc
--- tests/coder_sql.inc	13 May 2008 18:04:18 -0000	1.1.4.10
+++ tests/coder_sql.inc	18 Jul 2008 22:41:43 -0000
@@ -39,4 +39,9 @@ function coder_test_sql() {
   $sql = 'INSERT INTO {foo} (%s)';
   $sql = 'INSERT INTO {foo} (1,%s)';
   $sql = 'INSERT INTO {foo} (1, %s)';
+
+  // Variables withing db_query queries.
+  db_query("SELECT * FROM {foo} WHERE name=$name");
+  db_query("INSERT INTO {foo} SET name='$name'");
+  update_sql("INSERT INTO {foo} SET name='$name'");
 }
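Review bot: The new fixture lines contain only cases that should be flagged, with no negative case to show that the safe placeholder form stays quiet under the new rule; a line such as `db_query("SELECT * FROM {foo} WHERE name = '%s'", $name);` would pin that. How the harness compares expected warnings is not visible here, so it is worth confirming whether each added line is expected to produce exactly one warning. The comment also has a typo and should read `// Variables within db_query queries.` coder_test_sql() begins above the hunk.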
