Index: modules/system/system.module
--- modules/system/system.module.orig	2008-04-09 23:11:49 +0200
+++ modules/system/system.module	2008-05-23 10:41:26 +0200
@@ -1431,7 +1439,7 @@
   if (is_numeric($action)) {
     $aid = $action;
     // Load stored parameter values from database.
-    $data = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", intval($aid)));
+    $data = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = '%s'", $aid));
     $edit['actions_description'] = $data->description;
     $edit['actions_type'] = $data->type;
     $function = $data->callback;

Index: includes/actions.inc
--- includes/actions.inc.orig	2007-12-31 15:51:04 +0100
+++ includes/actions.inc	2008-05-23 11:22:17 +0200
@@ -54,7 +54,7 @@
     $where_values = array();
     foreach ($action_ids as $action_id) {
       if (is_numeric($action_id)) {
-        $where[] = 'OR aid = %d';
+        $where[] = "OR aid = '%s'";
         $where_values[] = $action_id;
       }
       elseif (isset($available_actions[$action_id])) {
@@ -93,7 +93,7 @@
   else {
     // If it's a configurable action, retrieve stored parameters.
     if (is_numeric($action_ids)) {
-      $action = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", $action_ids));
+      $action = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = '%s'", $action_ids));
       $function = $action->callback;
       $context = array_merge($context, unserialize($action->parameters));
       $result[$action_ids] = $function($object, $context, $a1, $a2);
@@ -325,7 +325,7 @@
 function actions_save($function, $type, $params, $desc, $aid = NULL) {
   $serialized = serialize($params);
   if ($aid) {
-    db_query("UPDATE {actions} SET callback = '%s', type = '%s', parameters = '%s', description = '%s' WHERE aid = %d", $function, $type, $serialized, $desc, $aid);
+    db_query("UPDATE {actions} SET callback = '%s', type = '%s', parameters = '%s', description = '%s' WHERE aid = '%s'", $function, $type, $serialized, $desc, $aid);
     watchdog('actions', 'Action %action saved.', array('%action' => $desc));
   }
   else {
@@ -333,7 +333,7 @@
     // separate table for numeric aids.
     db_query('INSERT INTO {actions_aid} VALUES (default)');
     $aid = db_last_insert_id('actions_aid', 'aid');
-    db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (%d, '%s', '%s', '%s', '%s')", $aid, $function, $type, $serialized, $desc);
+    db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES ('%s', '%s', '%s', '%s', '%s')", $aid, $function, $type, $serialized, $desc);
     watchdog('actions', 'Action %action created.', array('%action' => $desc));
   }
 
@@ -350,7 +350,7 @@
  *   The appropriate action row from the database as an object.
  */
 function actions_load($aid) {
-  return db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", $aid));
+  return db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = '%s'", $aid));
 }
 
 /**
@@ -360,6 +360,6 @@
  *   integer The ID of the action to delete.
  */
 function actions_delete($aid) {
-  db_query("DELETE FROM {actions} WHERE aid = %d", $aid);
+  db_query("DELETE FROM {actions} WHERE aid = '%s'", $aid);
   module_invoke_all('actions_delete', $aid);
 }
Index: modules/user/user.admin.inc
--- modules/user/user.admin.inc.orig	2008-01-16 23:54:41 +0100
+++ modules/user/user.admin.inc	2008-05-23 11:24:13 +0200
@@ -737,13 +737,13 @@
       form_set_error('mask', t('You must enter a mask.'));
     }
     else {
-      db_query("UPDATE {access} SET mask = '%s', type = '%s', status = '%s' WHERE aid = %d", $edit['mask'], $edit['type'], $edit['status'], $aid);
+      db_query("UPDATE {access} SET mask = '%s', type = '%s', status = '%s' WHERE aid = '%s'", $edit['mask'], $edit['type'], $edit['status'], $aid);
       drupal_set_message(t('The access rule has been saved.'));
       drupal_goto('admin/user/rules');
     }
   }
   else {
-    $edit = db_fetch_array(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = %d', $aid));
+    $edit = db_fetch_array(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = '%s'', $aid));
   }
   return drupal_get_form('user_admin_access_edit_form', $edit, t('Save rule'));
 }
@@ -859,7 +859,7 @@
  */
 function user_admin_access_delete_confirm($form_state, $aid = 0) {
   $access_types = array('user' => t('username'), 'mail' => t('e-mail'), 'host' => t('host'));
-  $edit = db_fetch_object(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = %d', $aid));
+  $edit = db_fetch_object(db_query("SELECT aid, type, status, mask FROM {access} WHERE aid = '%s'", $aid));
 
   $form = array();
   $form['aid'] = array('#type' => 'hidden', '#value' => $aid);
@@ -873,7 +873,7 @@
 }
 
 function user_admin_access_delete_confirm_submit($form, &$form_state) {
-  db_query('DELETE FROM {access} WHERE aid = %d', $form_state['values']['aid']);
+  db_query("DELETE FROM {access} WHERE aid = '%s'", $form_state['values']['aid']);
   drupal_set_message(t('The access rule has been deleted.'));
   $form_state['redirect'] = 'admin/user/rules';
   return;