db_query format
gcassie - April 27, 2008 - 16:50
| Project: | OG Teampage |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
The db_query calls aren't using printf syntax. One of the effects of this is that including any apostrophes in the member descriptions causes a DB error. I fixed this one by changing:
<?php
$res = db_query("INSERT INTO {og_teampage_members} SET weight='".$value['weight']."', uid='".$uid."', gid='".$gid."', hidden='".$value['hidden']."', name='".$value['name']."', description='".$value['description']."', picture1='".$newfilename."'");
?>
in og_teampage_admin_members_form_submit to:
<?php
$res = db_query("INSERT INTO {og_teampage_members} SET weight=%d, uid=%d, gid=%d, hidden=%d, name='%s', description='%s', picture1='%s'",
$value['weight'], $uid, $gid, $value['hidden'], $value['name'], $value['description'], $newfilename);
?>
These changes should be made in general throughout the module. I might have time to do this later...

#1
Here's a patch that I think catches them all.
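
A heuristic check for the remaining cases discussed in this thread, as an added example that is not part of the original posts or the module: it flags db_query and db_query_range calls whose first argument is not a single string literal, or whose double-quoted literal interpolates a PHP variable. The sample source is constructed from the two calls quoted in the report (abbreviated) plus one interpolated query, and the helper names are this example's own.

```python
import re

# Constructed sample: the report's two calls, abbreviated, plus an interpolated one.
SAMPLE = r'''<?php
$res = db_query("INSERT INTO {og_teampage_members} SET uid='".$uid."', description='".$value['description']."'");
$res = db_query("INSERT INTO {og_teampage_members} SET uid=%d, description='%s'", $uid, $value['description']);
$res = db_query("SELECT * FROM {og_teampage_members} WHERE gid=$gid");
'''

CALL = re.compile(r'\bdb_query(?:_range)?\s*\(')
# A PHP string literal; group 1 is set only for double-quoted ones.
LITERAL = re.compile(r'"((?:\\.|[^"\\])*)"|\'(?:\\.|[^\'\\])*\'', re.S)

def first_argument(src, start):
    """Text of the first call argument; `start` is the index just after '('."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                break                       # end of the call
            depth -= 1
        elif ch == "," and depth == 0:
            break                           # end of the first argument
        i += 1
    return src[start:i].strip()

def classify(arg):
    if LITERAL.sub("", arg).strip():        # anything outside the literals
        return "non-literal"                # concatenation, variable, call
    for m in LITERAL.finditer(arg):
        if m.group(1) and re.search(r'(?<!\\)\$[A-Za-z_{]', m.group(1)):
            return "interpolation"          # "$var" inside double quotes
    return None                             # one literal, placeholders only

def audit(src):
    """Return (line, reason) for each query call that needs review."""
    return [(src.count("\n", 0, m.start()) + 1, reason)
            for m in CALL.finditer(src)
            if (reason := classify(first_argument(src, m.end())))]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The scan does not understand PHP comments or heredocs, so treat its output as a review list rather than proof that every call has been converted.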