3,454: $id = "'" . mysql_escape_string($args["id"]) . "'";  
3,474: mysql_query("UPDATE " . EWIKI_DB_TABLE_NAME . " SET hits=(hits+1) WHERE pagename='" . mysql_escape_string($args["id"]) . "'");  
3,501: $sql2 .= $a . "'" . mysql_escape_string($value) . "'";  
3,526: "(pagename='" . mysql_escape_string($id) . "')";  
3,574: " WHERE LOCATE('" . mysql_escape_string($content) . "', LCASE($field)) " .  
3,591: $id = mysql_escape_string($args["id"]);