Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.38
diff -u -F^f -r1.38 database.inc
--- includes/database.inc	5 Feb 2005 00:12:24 -0000	1.38
+++ includes/database.inc	20 Feb 2005 19:12:08 -0000
@@ -129,8 +129,13 @@ function db_set_active($name = 'default'
  *   A string containing an SQL query.
  * @param ...
  *   A variable number of arguments which are substituted into the query using
- *   printf() syntax. Instead of a variable number of query arguments, you may
- *   also pass a single array containing the query arguments.
+ *   printf() syntax. The query arguments can be enclosed in one array instead.
+ *   For INSERT and UPDATE queries the arguments should be present in an 
+ *   array in which the keys name the database columns. For UPDATE queries
+ *   additional parameters can be passed as single arguments after the array.
+ *   Examples:
+ *   db_query('INSERT INTO {node} %a', array('nid' => 42, 'title' => 'foo bar', ...));
+ *   db_query('UPDATE {node} SET %a WHERE nid = %d', array('uid' => 42, 'title' => 'foo bar'), $node->nid);
  * @return
  *   A database query result resource, or FALSE if the query was not executed
  *   correctly.
@@ -139,8 +144,20 @@ function db_query($query) {
   $args = func_get_args();
   $query = db_prefix_tables($query);
   if (count($args) > 1) {
+    if (strpos($query, '%a') !== FALSE) {
+      if (strpos($query, 'INSERT') !== FALSE) {
+        $keys = array_keys($args[1]);
+        $insert = '('. implode(', ', $keys) .') VALUES ('. implode(', ', array_pad(array(), count($keys), "'%s'")) .')';
+        $query = str_replace('%a', $insert, $query);
+      }
+      else if (strpos($query, 'UPDATE') !== FALSE) {
+        $keys = array_keys($args[1]);
+        $update = implode(" = '%s', ", $keys) ." = '%s'";
+        $query = str_replace('%a', $update, $query);
+      }
+    }
     if (is_array($args[1])) {
-      $args = array_merge(array($query), $args[1]);
+      $args = array_merge(array($query), $args[1], array_slice($args, 2));
     }
     $args = array_map('db_escape_string', $args);
     $args[0] = $query;