use raw db queries wherever query items could contain '%'

2010-11-09 15:11:47 -08:00 · 2010-11-09 15:11:47 -08:00 · f7c0480f1b
commit f7c0480f1b
parent c50f491c3d
4 changed files with 13 additions and 3 deletions
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@ -106,7 +106,7 @@ function dfrn_notify_post(&$a) {
 		
 		dbesc_array($msg);

-		$r = q("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) 
+		$r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) 
 			. "`) VALUES ('" . implode("', '", array_values($msg)) . "')" );

 		// send email notification if requested.
--- a/mod/profiles.php
+++ b/mod/profiles.php
@ -249,7 +249,7 @@ function profiles_content(&$a) {

 		dbesc_array($r1[0]);

-		$r2 = q("INSERT INTO `profile` (`" 
+		$r2 = dbq("INSERT INTO `profile` (`" 
 			. implode("`, `", array_keys($r1[0])) 
 			. "`) VALUES ('" 
 			. implode("', '", array_values($r1[0]))