Code review (xmlsitemap_user)

: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.
: Function ereg() is deprecated in /opt/home/drupalcode/public_html/includes/file.inc on line 649.

Coder found 1 projects, 2 files

Coder provides helpful hints without false positives, but offers no guarantee for creating good code. You are the final arbitrar. If in doubt, read the Drupal documentation (see review links below and api.drupal.org).

Use the Selection Form to select options for this code review, or change the Default Settings and use the Default tab above.

sites/default/modules/xmlsitemap/xmlsitemap_user/xmlsitemap_user.module

xmlsitemap_user.module

Line 196: In SQL strings, Use db_query() placeholders in place of variables. This is a protential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
```
      $pid = db_result(db_query("SELECT pid FROM {url_alias} WHERE src = '%s'", "user/$account->uid"));
```
Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));
Line 212: In SQL strings, Use db_query() placeholders in place of variables. This is a protential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
```
      $pid = db_result(db_query("SELECT pid FROM {url_alias} WHERE src = '%s'", "user/$account->uid"));
```
Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));

sites/default/modules/xmlsitemap/xmlsitemap_user/xmlsitemap_user.install

xmlsitemap_user.install

No Problems Found

aggregator (core)	googleanalytics (active)	taxonomy (active) (core)
api (active)	help (active) (core)	throttle (core)
block (active) (core)	legacy	tracker (core)
blog (core)	locale (core)	upload (core)
blogapi (core)	menu (active) (core)	user (active) (core)
book (core)	node (active) (core)	watchdog (active)
coder (active)	path (active) (core)	xmlsitemap (active)
color (active) (core)	ping (core)	xmlsitemap_engines (active)
comment (active) (core)	poll (core)	xmlsitemap_node (active)
contact (core)	profile (core)	xmlsitemap_term (active)
drupal (core)	search (core)	xmlsitemap_user (active)
filter (active) (core)	statistics (active) (core)
forum (core)	system (active) (core)

bluemarine (core)	garland (active) (core)	minnelli (core)
chameleon (core)	marvin (core)	pushbutton (core)

drupalcode.com

Search Drupal 5

Navigation