X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=db.php;h=6f8b38d6a62237d2dc1612fdd3ac6af639be8680;hb=b45e6d51148bf9100d302713d3f8e6885fd072a3;hp=8ce6527fb3abf1365672a5a108f5d405fa440bfd;hpb=e8eec562c1b6d3420c3d035c9abdd1303cfbba23;p=wfpl.git
diff --git a/db.php b/db.php
index 8ce6527..6f8b38d 100644
--- a/db.php
+++ b/db.php
@@ -97,6 +97,7 @@ function db_send_query($sql) {
 # %i put an integer in the output (strips non-numeric digits, and puts in 0 if blank)
 # %" output double quotes, surrounding the variable which is encoded to be in there.
 # %s output encoded to be in double quotes, but don't output the quotes
+# %$ output argument as-is, no encoding. Make sure you quote everything from the user!
 #
 # complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial);
@@ -132,6 +133,8 @@ function _db_printf($str, $args) {
 $int = format_int(array_shift($args));
 if($int == '') $int = '0';
 $out .= $int;
+ } elseif($chr == '$') {
+ $out .= array_shift($args);
 } else {
 $out .= $chr;
 }
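Review bot: The new `%$` branch in `_db_printf` appends `array_shift($args)` to `$out` with no encoding at all, so it is the one format code where a caller mistake becomes SQL injection directly, and the warning added in the first hunk ("Make sure you quote everything from the user!") does not say what is actually safe to pass. I would tighten that comment to something like `# %$  output argument as-is, no encoding. Only for trusted SQL fragments (e.g. a column name or sort direction chosen from a fixed list); never pass request data through %$, use %" or %i instead`. Separately, when `$args` is already empty `array_shift` returns null and this branch silently appends nothing, so a format string with more codes than arguments produces malformed SQL without any error. The body of `_db_printf` starts and ends outside this hunk, so the way `$out` reaches the query is inferred from the function name and the doc comment rather than seen here.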