db_query bare %s

Appendix A, function reference, page 144 contains


db_query("SELECT name FROM {user} WHERE mail = %s", $tainted);

This should be:


db_query("SELECT name FROM {user} WHERE mail = '%s'", $tainted);

Note the quotes around %s.

Heine
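To make the difference concrete, here is an added example (not from the book, the post, or Drupal's own code) that models what Drupal 6's db_query() does with its %s placeholders: each argument is escaped and then spliced into the template, so the escaping only helps if the placeholder already sits inside quotes. A value such as 1 OR 1=1 contains nothing for db_escape_string() to escape, so with a bare %s it lands in the query as live SQL. The stand-in below assumes an in-memory SQLite database with a "drupal_" table prefix, three constructed user rows, a db_escape_string() that doubles single quotes (SQLite's equivalent of mysql_real_escape_string()), and a db_query() that only supports %s, %d and %%; function names other than db_query/db_escape_string are hypothetical.

```python
import re
import sqlite3

# Constructed sample rows for the demo (not from the page).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]

# The book's bare %s template and the corrected '%s' template.
BARE_TEMPLATE = "SELECT name FROM {user} WHERE mail = %s"
QUOTED_TEMPLATE = "SELECT name FROM {user} WHERE mail = '%s'"
# For integer columns the Drupal convention is %d (cast to int, so no quotes needed).
INT_TEMPLATE = "SELECT name FROM {user} WHERE uid = %d"


def make_db():
    """In-memory SQLite stand-in for the site database, using a 'drupal_' table prefix (assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE drupal_user (uid INTEGER, name TEXT, mail TEXT)")
    conn.executemany("INSERT INTO drupal_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def db_escape_string(value):
    """Stand-in for Drupal's db_escape_string(): on MySQL that wraps
    mysql_real_escape_string(); for SQLite the equivalent is doubling single quotes.
    Either way, escaping only protects a value that sits INSIDE quotes."""
    return value.replace("'", "''")


def intval(value):
    """Mimic PHP's (int) cast: the leading integer of the string, or 0."""
    m = re.match(r"\s*[+-]?\d+", str(value))
    return int(m.group()) if m else 0


def db_query(conn, query, *args):
    """Toy model of Drupal 6's db_query(): prefix {table} names, then replace each
    %s with the escaped (but NOT quoted) argument and each %d with an integer cast.
    Returns the final SQL together with the rows so the effect of the template is visible."""
    sql = re.sub(r"\{(\w+)\}", r"drupal_\1", query)
    remaining = list(args)

    def substitute(match):
        spec = match.group(1)
        if spec == "%":
            return "%"
        arg = remaining.pop(0)
        if spec == "d":
            return str(intval(arg))
        return db_escape_string(str(arg))

    sql = re.sub(r"%([sd%])", substitute, sql)
    return sql, conn.execute(sql).fetchall()


def lookup_names(conn, template, tainted):
    """Run a template against attacker-controlled input; return (final SQL, [names])."""
    sql, rows = db_query(conn, template, tainted)
    return sql, [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    payload = "1 OR 1=1"  # no quote characters, so escaping has nothing to act on
    for label, template in (("bare %s", BARE_TEMPLATE),
                            ("quoted '%s'", QUOTED_TEMPLATE),
                            ("%d", INT_TEMPLATE)):
        sql, names = lookup_names(conn, template, payload)
        print(f"{label:12} -> {sql}")
        print(f"{'':15}{names}")
```

With the bare template the payload returns every user's name; with the quoted template it returns nothing, and a quote-carrying payload such as x' OR '1'='1 is neutralised by the escaping because it is now inside a string literal. The bare template is also simply broken for legitimate input: an unquoted alice@example.com does not even parse. For integer columns the right fix is %d rather than quoting, since the cast discards everything after the leading number.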