From f4116040c1a4349478c5436f1888f4e560b908b6 Mon Sep 17 00:00:00 2001
From: Nathan Coad <nathan@thecoads.com>
Date: Thu, 29 Jun 2017 13:03:10 +1000
Subject: [PATCH] sanitise data before inserting

---
 booking.regn_node.inc | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/booking.regn_node.inc b/booking.regn_node.inc
index a00d43e..9fada96 100644
--- a/booking.regn_node.inc
+++ b/booking.regn_node.inc
@@ -276,7 +276,15 @@ function booking_insert($node) {
 	watchdog('booking_debug', "<pre>Inserting node:\n@info</pre>", array('@info' => print_r($node, TRUE)));
 	//TODO: Generalise this by using the keys from $node instead of hard coding everything
 	
-	db_insert('booking_person')->fields($node)->execute();
+	$data = array();
+	foreach ($node as $key => $value) {
+		//check if the key is a field that belongs in the database
+		if ((strpos($key, "booking_") === 0) || $key === "nid") {
+			$data[$key] = $value;
+		}
+	}
+	watchdog('booking_debug', "<pre>Sanitised data:\n@info</pre>", array('@info' => print_r($data, TRUE)));
+	db_insert('booking_person')->fields($data)->execute();
 
 	/*
 	db_insert('booking_person')