Index: modules/block/block.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/block/block.module,v
retrieving revision 1.309
diff -u -r1.309 block.module
--- modules/block/block.module	21 Aug 2008 19:36:36 -0000	1.309
+++ modules/block/block.module	31 Aug 2008 13:23:49 -0000
@@ -184,7 +184,7 @@
       $blocks = array();
 
       $result = db_query('SELECT bid, info FROM {boxes} ORDER BY info');
-      while ($block = db_fetch_object($result)) {
+      foreach ($result as $block) {
         $blocks[$block->bid]['info'] = $block->info;
         // Not worth caching.
         $blocks[$block->bid]['cache'] = BLOCK_NO_CACHE;
@@ -206,7 +206,8 @@
       break;
 
     case 'view':
-      $block = db_fetch_object(db_query('SELECT body, format FROM {boxes} WHERE bid = %d', $delta));
+      $result = db_query('SELECT body, format FROM {boxes} WHERE bid = :bid', array(':bid' => $delta));
+      $block = $result->fetch();
       $data['content'] = check_markup($block->body, $block->format, FALSE);
       return $data;
   }
@@ -223,9 +224,9 @@
 
   init_theme();
 
-  $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s'", $theme_key);
+  $result = db_query("SELECT * FROM {blocks} WHERE theme = :theme", array(':theme' => $theme_key), array('fetch' => PDO::FETCH_ASSOC));
   $old_blocks = array();
-  while ($old_block = db_fetch_array($result)) {
+  foreach ($result as $old_block) {
     $old_blocks[$old_block['module']][$old_block['delta']] = $old_block;
   }
 
@@ -283,14 +284,15 @@
   // Remove blocks that are no longer defined by the code from the database.
   foreach ($old_blocks as $module => $old_module_blocks) {
     foreach ($old_module_blocks as $delta => $block) {
-      db_query("DELETE FROM {blocks} WHERE module = '%s' AND delta = '%s' AND theme = '%s'", $module, $delta, $theme_key);
+      db_delete('blocks')->condition('module', $module)->condition('delta', $delta)->condition('theme', $theme_key)->execute();
     }
   }
   return $blocks;
 }
 
 function block_box_get($bid) {
-  return db_fetch_array(db_query("SELECT * FROM {boxes} WHERE bid = %d", $bid));
+  $result = db_query("SELECT * FROM {boxes} WHERE bid = :bid", array(':bid' => $bid), array('fetch' => PDO::FETCH_ASSOC));
+  return $result->fetch();
 }
 
 /**
@@ -332,8 +334,12 @@
     $edit['format'] = FILTER_FORMAT_DEFAULT;
   }
 
-  db_query("UPDATE {boxes} SET body = '%s', info = '%s', format = %d WHERE bid = %d", $edit['body'], $edit['info'], $edit['format'], $delta);
-
+  db_update('boxes')->fields(array(
+    'body' => $edit['body'],
+    'info' => $edit['info'],
+    'format' => $edit['format'],
+  ))->condition('bid', $delta)->execute();
+  
   return TRUE;
 }
 
@@ -348,7 +354,11 @@
     case 'form':
       if ($category == 'account') {
         $rids = array_keys($account->roles);
+        // TODO: rewrite this as a dynamic query:
         $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (" . db_placeholders($rids) . ") OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids);
+        //$query = db_select('blocks');
+        //$query->addField('b.*');
+        // ...
         $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
         while ($block = db_fetch_object($result)) {
           $data = module_invoke($block->module, 'block', 'list');
@@ -413,7 +423,11 @@
 
   $blocks = array();
   $rids = array_keys($user->roles);
+  // TODO: rewrite this as a dynamic query:
   $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (" . db_placeholders($rids) . ") OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), array_merge(array($theme_key), $rids));
+  //$query = db_select('blocks');
+  //$query->addField('b.*');
+  // ...
   while ($block = db_fetch_object($result)) {
     if (!isset($blocks[$block->region])) {
       $blocks[$block->region] = array();
Index: modules/block/block.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/block/block.admin.inc,v
retrieving revision 1.19
diff -u -r1.19 block.admin.inc
--- modules/block/block.admin.inc	16 Jul 2008 21:59:25 -0000	1.19
+++ modules/block/block.admin.inc	31 Aug 2008 13:23:49 -0000
@@ -95,7 +95,12 @@
   foreach ($form_state['values'] as $block) {
     $block['status'] = $block['region'] != BLOCK_REGION_NONE;
     $block['region'] = $block['status'] ? $block['region'] : '';
-    db_query("UPDATE {blocks} SET status = %d, weight = %d, region = '%s' WHERE module = '%s' AND delta = '%s' AND theme = '%s'", $block['status'], $block['weight'], $block['region'], $block['module'], $block['delta'], $block['theme']);
+    // TODO: Not being saved.
+    db_update('blocks')->fields(array(
+      'status' => $block['status'],
+      'weight' => $block['weight'],
+      'region' => $block['region'],
+    ))->condition('module', $block['module'])->condition('delta', $block['delta'])->condition('theme', $block['theme']);
   }
   drupal_set_message(t('The block settings have been updated.'));
   cache_clear_all();
@@ -148,8 +153,9 @@
     '#value' => $delta,
   );
 
-  $edit = db_fetch_array(db_query("SELECT pages, visibility, custom, title FROM {blocks} WHERE module = '%s' AND delta = '%s'", $module, $delta));
-
+  $query = db_query("SELECT pages, visibility, custom, title FROM {blocks} WHERE module = :module AND delta = :delta", array(':module' => $module, ':delta' => $delta), array('fetch' => PDO::FETCH_ASSOC));
+  $edit = $query->fetch();
+  
   $form['block_settings'] = array(
     '#type' => 'fieldset',
     '#title' => t('Block specific settings'),
@@ -197,13 +203,13 @@
 
   // Role-based visibility settings.
   $default_role_options = array();
-  $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
-  while ($role = db_fetch_object($result)) {
+  $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = :module AND delta = :delta", array(':module' => $module, ':delta' => $delta));
+  foreach ($result as $role) {
     $default_role_options[] = $role->rid;
   }
   $result = db_query('SELECT rid, name FROM {role} ORDER BY name');
   $role_options = array();
-  while ($role = db_fetch_object($result)) {
+  foreach ($result as $role) {
     $role_options[$role->rid] = $role->name;
   }
   $form['role_vis_settings'] = array(
@@ -263,6 +269,7 @@
 
 function block_admin_configure_validate($form, &$form_state) {
   if ($form_state['values']['module'] == 'block') {
+    // TODO:
     if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE bid != %d AND info = '%s'", $form_state['values']['delta'], $form_state['values']['info']))) {
       form_set_error('info', t('Please ensure that each block description is unique.'));
     }
@@ -271,6 +278,7 @@
 
 function block_admin_configure_submit($form, &$form_state) {
   if (!form_get_errors()) {
+    // TODO:
     db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d, title = '%s' WHERE module = '%s' AND delta = '%s'", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $form_state['values']['delta']);
     db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_state['values']['module'], $form_state['values']['delta']);
     foreach (array_filter($form_state['values']['roles']) as $rid) {
@@ -292,6 +300,7 @@
 }
 
 function block_add_block_form_validate($form, &$form_state) {
+  // TODO:
   if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE info = '%s'", $form_state['values']['info']))) {
     form_set_error('info', t('Please ensure that each block description is unique.'));
   }
@@ -301,16 +310,19 @@
  * Save the new custom block.
  */
 function block_add_block_form_submit($form, &$form_state) {
+  // TODO:
   db_query("INSERT INTO {boxes} (body, info, format) VALUES ('%s', '%s', %d)", $form_state['values']['body'], $form_state['values']['info'], $form_state['values']['format']);
   $delta = db_last_insert_id('boxes', 'bid');
 
   foreach (list_themes() as $key => $theme) {
     if ($theme->status) {
+      // TODO:
       db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, %d, %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
     }
   }
 
   foreach (array_filter($form_state['values']['roles']) as $rid) {
+    // TODO:
     db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_state['values']['module'], $delta);
   }
 
@@ -337,6 +349,7 @@
  * Deletion of custom blocks.
  */
 function block_box_delete_submit($form, &$form_state) {
+  // TODO:
   db_query('DELETE FROM {boxes} WHERE bid = %d', $form_state['values']['bid']);
   db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = %d", $form_state['values']['bid']);
   drupal_set_message(t('The block %name has been removed.', array('%name' => $form_state['values']['info'])));