dbquery uses "%s" and should use '%s' or \'%s\'

enboig - October 27, 2009 - 12:24
Project:Question
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:active
Description

--- P:/drupal_faqs/sites/all/modules/question/question.module_original Tue Oct 27 12:08:08 2009
+++ P:/drupal_faqs/sites/all/modules/question/question.module Tue Oct 27 13:20:30 2009
@@ -294,7 +294,7 @@
}

function question_queue_item_delete_submit($form, &$form_state) {
- db_query('DELETE FROM {question_queue} WHERE qid="%d"', $form_state['values']['qid']);
+ db_query('DELETE FROM {question_queue} WHERE qid = %d', $form_state['values']['qid']);
drupal_set_message(t('Item deleted'));
drupal_goto('admin/content/question');
}
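Review bot: `drupal_set_message(t('Item deleted'))` runs whether or not the DELETE succeeded, because the return value of `db_query()` is ignored in `question_queue_item_delete_submit()`. Guarding the message, `if (db_query('DELETE FROM {question_queue} WHERE qid = %d', $form_state['values']['qid'])) { drupal_set_message(t('Item deleted')); }`, keeps the confirmation truthful when the query fails. The unquoted `%d` is the right placeholder form here, since the argument is cast to an integer before it reaches the SQL.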
@@ -424,7 +424,7 @@
function question_qform_submit($form, &$form_state) {
global $user;
$quid = $user->uid;
- db_query('INSERT INTO {question_queue} (questioner, quid, question) VALUES ("%s", %d, "%s")', $form_state['values']['questioner'], $quid, $form_state['values']['question']);
+ db_query("INSERT INTO {question_queue} (questioner, quid, question) VALUES ('%s', %d, '%s')", $form_state['values']['questioner'], $quid, $form_state['values']['question']);
$path = variable_get('question_thanks', '');
$dest = $_REQUEST['destination'];
unset($_REQUEST['destination']);
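Review bot: `$dest = $_REQUEST['destination'];` reads the request parameter without an `isset()` check, so a submission with no `destination` raises an undefined-index notice; `$dest = isset($_REQUEST['destination']) ? $_REQUEST['destination'] : '';` avoids that. How `$dest` is used lies outside the hunk (the body of `question_qform_submit()` continues past it), so if it is later passed to a redirect it should be confirmed to be an internal path rather than an arbitrary URL. The `questioner` and `question` values stored by the INSERT are user-supplied, so wherever they are rendered they presumably need `check_plain()` or an input filter on output; that code is not visible here.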

 
 
