Index: modules/blog/blog.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 blog.pages.inc
--- modules/blog/blog.pages.inc 22 Jul 2007 06:48:25 -0000 1.1
+++ modules/blog/blog.pages.inc 5 Oct 2007 07:23:46 -0000
@@ -31,7 +31,7 @@
$output = '';
}
- $result = pager_query(db_rewrite_sql("SELECT n.nid, n.sticky, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1 ORDER BY n.sticky DESC, n.created DESC"), variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
+ $result = pager_query(db_rewrite_sql("SELECT n.nid, n.sticky, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = ? AND n.status = 1 ORDER BY n.sticky DESC, n.created DESC"), variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load($node->nid), 1);
}
@@ -77,7 +77,7 @@
$account = $user;
}
- $result = db_query_range(db_rewrite_sql("SELECT n.nid, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1 ORDER BY n.created DESC"), $uid, 0, variable_get('feed_default_items', 10));
+ $result = db_query_range(db_rewrite_sql("SELECT n.nid, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = ? AND n.status = 1 ORDER BY n.created DESC"), $uid, 0, variable_get('feed_default_items', 10));
$channel['title'] = $account->name ."'s blog";
$channel['link'] = url("blog/$uid", array('absolute' => TRUE));
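Review bot: In the `db_query_range()` call, `$uid` is now bound through `?` without the integer coercion the old `%d` placeholder applied, and nothing visible in this hunk casts it. The database.inc part of this patch is not fully visible here, so if the new layer does not cast by column type, a non-numeric value reaches the driver as a string compared against `n.uid`, which some backends reject and others coerce silently. If `$uid` comes from the request path, as `url("blog/$uid")` suggests, cast at the call site by passing `(int) $uid`. The same loss of coercion applies to `$cid` in the comment_edit, comment_delete and comment_render hunks of comment.module. The enclosing function starts and ends outside this hunk.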
Index: modules/blog/blog.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v
retrieving revision 1.285
diff -u -r1.285 blog.module
--- modules/blog/blog.module 12 Aug 2007 15:55:35 -0000 1.285
+++ modules/blog/blog.module 5 Oct 2007 07:23:46 -0000
@@ -90,7 +90,7 @@
$node->body = ''. $blog->body .' ['. l($blog->name, "node/$nid") .']';
}
- if ($iid && $item = db_fetch_object(db_query('SELECT i.*, f.title as ftitle, f.link as flink FROM {aggregator_item} i, {aggregator_feed} f WHERE i.iid = %d AND i.fid = f.fid', $iid))) {
+ if ($iid && $item = db_fetch_object(db_query('SELECT i.*, f.title as ftitle, f.link as flink FROM {aggregator_item} i, {aggregator_feed} f WHERE i.iid = ? AND i.fid = f.fid', $iid))) {
$node->title = $item->title;
// Note: $item->description has been validated on aggregation.
$node->body = ''. check_plain($item->title) .' - '. $item->description .' ['. check_plain($item->ftitle) ."]\n";
Index: modules/book/book.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 book.pages.inc
--- modules/book/book.pages.inc 11 Sep 2007 17:35:58 -0000 1.1
+++ modules/book/book.pages.inc 5 Oct 2007 07:23:46 -0000
@@ -237,7 +237,7 @@
if ($node->nid != $node->book['bid']) {
// Only allowed when this is not a book (top-level page).
menu_link_delete($node->book['mlid']);
- db_query('DELETE FROM {book} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {book} WHERE nid = ?', $node->nid);
drupal_set_message(t('The post has been removed from the book.'));
}
$form_state['redirect'] = 'node/'. $node->nid;
Index: modules/book/book.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.install,v
retrieving revision 1.9
diff -u -r1.9 book.install
--- modules/book/book.install 26 Aug 2007 07:20:07 -0000 1.9
+++ modules/book/book.install 5 Oct 2007 07:23:46 -0000
@@ -155,7 +155,7 @@
while ($book = db_fetch_array($result)) {
$has_rows = TRUE;
// Orphans are defined as nodes whose parent does not exist in the table.
- if ($book['parent'] && !db_result(db_query("SELECT COUNT(*) FROM {book_temp} WHERE nid = %d", $book['parent']))) {
+ if ($book['parent'] && !db_result(db_query("SELECT COUNT(*) FROM {book_temp} WHERE nid = ?", $book['parent']))) {
if (empty($_SESSION['book_update_6000_orphans']['book'])) {
// The first orphan becomes the parent for all other orphans.
$book['parent'] = 0;
@@ -192,14 +192,14 @@
$book = array_pop($_SESSION['book_update_6000']);
// Add all of this node's children to the stack
- $result = db_query("SELECT * FROM {book_temp} WHERE parent = %d", $book['nid']);
+ $result = db_query("SELECT * FROM {book_temp} WHERE parent = ?", $book['nid']);
while ($a = db_fetch_array($result)) {
$_SESSION['book_update_6000'][] = $a;
}
if ($book['parent']) {
// If its not a top level page, get its parent's mlid.
- $parent = db_fetch_array(db_query("SELECT b.mlid AS plid, b.bid FROM {book} b WHERE b.nid = %d", $book['parent']));
+ $parent = db_fetch_array(db_query("SELECT b.mlid AS plid, b.bid FROM {book} b WHERE b.nid = ?", $book['parent']));
$book = array_merge($book, $parent);
}
else {
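Review bot: `array_merge($book, $parent)` runs without checking that the parent lookup returned a row. `db_fetch_array()` gives a non-array when `{book}` has no entry for `$book['parent']`, and `array_merge()` then fails and leaves `$book` unusable for the rest of the update pass. Guard it with `if ($parent) { $book = array_merge($book, $parent); }` and decide explicitly what an unmigrated parent should mean. The next hunk has the same unguarded merge on the `SELECT title AS link_title` lookup. The enclosing update function starts and ends outside this hunk.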
@@ -214,18 +214,18 @@
'router_path' => 'node/%',
'menu_name' => book_menu_name($book['bid']),
);
- $book = array_merge($book, db_fetch_array(db_query("SELECT title AS link_title FROM {node} WHERE nid = %d", $book['nid'])));
+ $book = array_merge($book, db_fetch_array(db_query("SELECT title AS link_title FROM {node} WHERE nid = ?", $book['nid'])));
// Items with depth > MENU_MAX_DEPTH cannot be saved.
if (menu_link_save($book)) {
- db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (%d, %d, %d)", $book['mlid'], $book['nid'], $book['bid']);
+ db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (?, ?, ?)", $book['mlid'], $book['nid'], $book['bid']);
}
else {
// The depth was greater then MENU_MAX_DEPTH, so attach it to the
// closest valid parent.
- $book['plid'] = db_result(db_query("SELECT plid FROM {menu_links} WHERE mlid = %d", $book['plid']));
+ $book['plid'] = db_result(db_query("SELECT plid FROM {menu_links} WHERE mlid = ?", $book['plid']));
if (menu_link_save($book)) {
- db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (%d, %d, %d)", $book['mlid'], $book['nid'], $book['bid']);
+ db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (?, ?, ?)", $book['mlid'], $book['nid'], $book['bid']);
}
}
$update_count--;
Index: modules/book/book.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.module,v
retrieving revision 1.442
diff -u -r1.442 book.module
--- modules/book/book.module 11 Sep 2007 17:35:58 -0000 1.442
+++ modules/book/book.module 5 Oct 2007 07:23:46 -0000
@@ -203,7 +203,7 @@
}
elseif ($current_bid) {
// Only display this block when the user is browsing a book.
- $title = db_result(db_query(db_rewrite_sql('SELECT n.title FROM {node} n WHERE n.nid = %d'), $node->book['bid']));
+ $title = db_result(db_query(db_rewrite_sql('SELECT n.title FROM {node} n WHERE n.nid = ?'), $node->book['bid']));
// Only show the block if the user has view access for the top-level node.
if ($title) {
$tree = menu_tree_all_data($node->book['menu_name'], $node->book);
@@ -459,20 +459,20 @@
else {
// Check in case the parent is not is this book; the book takes precedence.
if (!empty($node->book['plid'])) {
- $parent = db_fetch_array(db_query("SELECT * FROM {book} WHERE mlid = %d", $node->book['plid']));
+ $parent = db_fetch_array(db_query("SELECT * FROM {book} WHERE mlid = ?", $node->book['plid']));
}
if (empty($node->book['plid']) || !$parent || $parent['bid'] != $node->book['bid']) {
- $node->book['plid'] = db_result(db_query("SELECT mlid FROM {book} WHERE nid = %d", $node->book['bid']));
+ $node->book['plid'] = db_result(db_query("SELECT mlid FROM {book} WHERE nid = ?", $node->book['bid']));
$node->book['parent_mismatch'] = TRUE; // Likely when JS is disabled.
}
}
if (menu_link_save($node->book)) {
if ($new) {
// Insert new.
- db_query("INSERT INTO {book} (nid, mlid, bid) VALUES (%d, %d, %d)", $node->nid, $node->book['mlid'], $node->book['bid']);
+ db_query("INSERT INTO {book} (nid, mlid, bid) VALUES (?, ?, ?)", $node->nid, $node->book['mlid'], $node->book['bid']);
}
else {
- if ($node->book['bid'] != db_result(db_query("SELECT bid FROM {book} WHERE nid = %d", $node->nid))) {
+ if ($node->book['bid'] != db_result(db_query("SELECT bid FROM {book} WHERE nid = ?", $node->nid))) {
// Update the bid for this page and all children.
book_update_bid($node->book);
}
@@ -492,7 +492,7 @@
function book_update_bid($book_link) {
for ($i = 1; $i <= MENU_MAX_DEPTH && $book_link["p$i"]; $i++) {
- $match[] = "p$i = %d";
+ $match[] = "p$i = ?";
$args[] = $book_link["p$i"];
}
$result = db_query("SELECT mlid FROM {menu_links} WHERE ". implode(' AND ', $match), $args);
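Review bot: `$match` and `$args` are only ever appended to inside the loop in `book_update_bid()`, so when `$book_link['p1']` is empty the statement ends at `WHERE ` and `implode()` receives an undefined variable. Initialise both before the loop with `$match = array(); $args = array();` and return early when `$match` is still empty. The function body continues outside this hunk.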
@@ -502,7 +502,7 @@
$mlids[] = $a['mlid'];
}
if ($mlids) {
- db_query("UPDATE {book} SET bid = %d WHERE mlid IN (". implode(',', $mlids) .")", $book_link['bid']);
+ db_query("UPDATE {book} SET bid = ? WHERE mlid IN (". implode(',', $mlids) .")", $book_link['bid']);
}
}
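Review bot: The `IN (...)` list is still built with `implode(',', $mlids)` while the rest of the statement moves to bound parameters, so these values bypass the placeholder layer entirely. Here they come from the preceding query's result, which limits the exposure, but a half-bound statement is easy to copy to a place where the list is not trusted. Generate one placeholder per value and pass the values as arguments, e.g. `$in = implode(',', array_fill(0, count($mlids), '?'));` then `db_query("UPDATE {book} SET bid = ? WHERE mlid IN ($in)", array_merge(array($book_link['bid']), $mlids));`. The `implode(',', $nids)` list in the comment.module hunk at `@@ -307` has the same shape. The function starts outside this hunk.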
@@ -660,7 +660,7 @@
switch ($op) {
case 'load':
// Note - we cannot use book_link_load() because it will call node_load()
- $info['book'] = db_fetch_array(db_query('SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid = %d', $node->nid));
+ $info['book'] = db_fetch_array(db_query('SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid = ?', $node->nid));
if ($info['book']) {
$info['book']['href'] = $info['book']['link_path'];
$info['book']['title'] = $info['book']['link_title'];
@@ -706,7 +706,7 @@
if (!empty($node->book['bid'])) {
if ($node->nid == $node->book['bid']) {
// Handle deletion of a top-level post.
- $result = db_query("SELECT b.nid FROM {menu_links} ml INNER JOIN {book} b on b.mlid = ml.mlid WHERE ml.plid = %d", $node->book['mlid']);
+ $result = db_query("SELECT b.nid FROM {menu_links} ml INNER JOIN {book} b on b.mlid = ml.mlid WHERE ml.plid = ?", $node->book['mlid']);
while ($child = db_fetch_array($result)) {
$child_node = node_load($child['nid']);
$child_node->book['bid'] = $child_node->nid;
@@ -714,7 +714,7 @@
}
}
menu_link_delete($node->book['mlid']);
- db_query('DELETE FROM {book} WHERE mlid = %d', $node->book['mlid']);
+ db_query('DELETE FROM {book} WHERE mlid = ?', $node->book['mlid']);
}
break;
case 'prepare':
@@ -1016,7 +1016,7 @@
* Do not call when loading a node, since this function may call node_load().
*/
function book_link_load($mlid) {
- if ($item = db_fetch_array(db_query("SELECT * FROM {menu_links} ml INNER JOIN {book} b ON b.mlid = ml.mlid LEFT JOIN {menu_router} m ON m.path = ml.router_path WHERE ml.mlid = %d", $mlid))) {
+ if ($item = db_fetch_array(db_query("SELECT * FROM {menu_links} ml INNER JOIN {book} b ON b.mlid = ml.mlid LEFT JOIN {menu_router} m ON m.path = ml.router_path WHERE ml.mlid = ?", $mlid))) {
_menu_link_translate($item);
return $item;
}
@@ -1045,11 +1045,11 @@
$data = $cache->data;
}
else {
- $match = array("menu_name = '%s'");
+ $match = array("menu_name = ?");
$args = array($item['menu_name']);
$i = 1;
while ($i <= MENU_MAX_DEPTH && $item["p$i"]) {
- $match[] = "p$i = %d";
+ $match[] = "p$i = ?";
$args[] = $item["p$i"];
$i++;
}
Index: modules/book/book.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.admin.inc,v
retrieving revision 1.3
diff -u -r1.3 book.admin.inc
--- modules/book/book.admin.inc 28 Sep 2007 15:44:13 -0000 1.3
+++ modules/book/book.admin.inc 5 Oct 2007 07:23:46 -0000
@@ -113,7 +113,7 @@
}
}
// Insure we have the current title - it may have been changed in the form.
- $title = db_result(db_query("SELECT title FROM {node} WHERE nid = %d", $form['#node']->nid));
+ $title = db_result(db_query("SELECT title FROM {node} WHERE nid = ?", $form['#node']->nid));
drupal_set_message(t('Updated book %title.', array('%title' => $title)));
}
Index: modules/comment/comment.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.install,v
retrieving revision 1.4
diff -u -r1.4 comment.install
--- modules/comment/comment.install 30 Jul 2007 21:27:34 -0000 1.4
+++ modules/comment/comment.install 5 Oct 2007 07:23:46 -0000
@@ -16,7 +16,7 @@
*/
function comment_update_1() {
// Change any future last comment timestamps to now.
- db_query('UPDATE {node_comment_statistics} SET last_comment_timestamp = %d WHERE last_comment_timestamp > %d', time(), time());
+ db_query('UPDATE {node_comment_statistics} SET last_comment_timestamp = ? WHERE last_comment_timestamp > ?', time(), time());
// Unstuck node indexing timestamp if needed.
if (($last = variable_get('node_cron_last', FALSE)) !== FALSE) {
Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.586
diff -u -r1.586 comment.module
--- modules/comment/comment.module 3 Oct 2007 17:59:50 -0000 1.586
+++ modules/comment/comment.module 5 Oct 2007 07:23:48 -0000
@@ -307,7 +307,7 @@
if (!empty($nids)) {
// From among the comments on the nodes selected in the first query,
// find the $number most recent comments.
- $result = db_query_range('SELECT c.nid, c.subject, c.cid, c.timestamp FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid WHERE c.nid IN ('. implode(',', $nids) .') AND n.status = 1 AND c.status = %d ORDER BY c.timestamp DESC', COMMENT_PUBLISHED, 0, $number);
+ $result = db_query_range('SELECT c.nid, c.subject, c.cid, c.timestamp FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid WHERE c.nid IN ('. implode(',', $nids) .') AND n.status = 1 AND c.status = ? ORDER BY c.timestamp DESC', COMMENT_PUBLISHED, 0, $number);
while ($comment = db_fetch_object($result)) {
$comments[] = $comment;
}
@@ -339,15 +339,15 @@
// Threaded comments. See the documentation for comment_render().
if ($order == COMMENT_ORDER_NEWEST_FIRST) {
// Newest first: find the last thread with new comment
- $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY thread DESC LIMIT 1', $nid, $new_replies);
+ $result = db_query('(SELECT thread FROM {comments} WHERE nid = ? AND status = 0 ORDER BY timestamp DESC LIMIT ?) ORDER BY thread DESC LIMIT 1', $nid, $new_replies);
$thread = db_result($result);
- $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND thread > '". $thread ."'", $nid);
+ $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = ? AND status = 0 AND thread > '". $thread ."'", $nid);
}
else {
// Oldest first: find the first thread with new comment
- $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1)) LIMIT 1', $nid, $new_replies);
+ $result = db_query('(SELECT thread FROM {comments} WHERE nid = ? AND status = 0 ORDER BY timestamp DESC LIMIT ?) ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1)) LIMIT 1', $nid, $new_replies);
$thread = substr(db_result($result), 0, -1);
- $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < '". $thread ."'", $nid);
+ $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = ? AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < '". $thread ."'", $nid);
}
$count = db_result($result_count);
}
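Review bot: `$thread` is still concatenated into both `$result_count` queries as a quoted literal (`thread > '". $thread ."'`), so a value read back from `{comments}` is re-inserted into the SQL text unescaped while every other value in the hunk is bound. Bind it instead: `... AND thread > ?", $nid, $thread)` in the newest-first branch and `... SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < ?", $nid, $thread)` in the other. Separately, `LIMIT ?` depends on the driver binding `$new_replies` as an integer; if the new layer binds strings, some drivers quote the value and the statement fails, so cast it or bind it with an integer type. The enclosing function starts and ends outside this hunk.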
@@ -496,7 +496,7 @@
function comment_nodeapi(&$node, $op, $arg = 0) {
switch ($op) {
case 'load':
- return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = %d", $node->nid));
+ return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = ?", $node->nid));
break;
case 'prepare':
@@ -506,24 +506,24 @@
break;
case 'insert':
- db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (%d, %d, NULL, %d, 0)', $node->nid, $node->changed, $node->uid);
+ db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (?, ?, NULL, ?, 0)', $node->nid, $node->changed, $node->uid);
break;
case 'delete':
- db_query('DELETE FROM {comments} WHERE nid = %d', $node->nid);
- db_query('DELETE FROM {node_comment_statistics} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {comments} WHERE nid = ?', $node->nid);
+ db_query('DELETE FROM {node_comment_statistics} WHERE nid = ?', $node->nid);
break;
case 'update index':
$text = '';
- $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = %d', $node->nid, COMMENT_PUBLISHED);
+ $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = ? AND status = ?', $node->nid, COMMENT_PUBLISHED);
while ($comment = db_fetch_object($comments)) {
$text .= '
'. check_plain($comment->subject) .'
'. check_markup($comment->comment, $comment->format, FALSE);
}
return $text;
case 'search result':
- $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $node->nid));
+ $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = ?', $node->nid));
return format_plural($comments, '1 comment', '@count comments');
case 'rss item':
@@ -541,8 +541,8 @@
*/
function comment_user($type, $edit, &$user, $category = NULL) {
if ($type == 'delete') {
- db_query('UPDATE {comments} SET uid = 0 WHERE uid = %d', $user->uid);
- db_query('UPDATE {node_comment_statistics} SET last_comment_uid = 0 WHERE last_comment_uid = %d', $user->uid);
+ db_query('UPDATE {comments} SET uid = 0 WHERE uid = ?', $user->uid);
+ db_query('UPDATE {node_comment_statistics} SET last_comment_uid = 0 WHERE last_comment_uid = ?', $user->uid);
}
}
@@ -660,7 +660,7 @@
function comment_edit($cid) {
global $user;
- $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid));
+ $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ?', $cid));
$comment = drupal_unpack($comment);
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
if (comment_access('edit', $comment)) {
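Review bot: `comment_edit()` uses the fetched row without checking that one was returned. For a `$cid` that matches no comment, `db_fetch_object()` yields no object, yet `drupal_unpack($comment)` and `$comment->name = ...` still run before `comment_access()` is consulted. Return early directly after the query, e.g. `if (!$comment) { return drupal_not_found(); }`. `comment_delete()` (hunk at `@@ -1136`) and the reply preview at `@@ -1704` dereference the result the same way. The function body continues outside this hunk.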
@@ -714,7 +714,7 @@
// $pid indicates that this is a reply to a comment.
if ($pid) {
// load the comment whose cid = $pid
- if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) {
+ if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ? AND c.status = ?', $pid, COMMENT_PUBLISHED))) {
// If that comment exists, make sure that the current comment and the parent comment both
// belong to the same parent node.
if ($comment->nid != $node->nid) {
@@ -781,7 +781,7 @@
);
if ($edit['cid']) {
// Update the comment in the database.
- db_query("UPDATE {comments} SET status = %d, timestamp = %d, subject = '%s', comment = '%s', format = %d, uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
+ db_query("UPDATE {comments} SET status = ?, timestamp = ?, subject = ?, comment = ?, format = ?, uid = ?, name = ?, mail = ?, homepage = ? WHERE cid = ?", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
// Allow modules to respond to the updating of a comment.
comment_invoke_comment($edit, 'update');
@@ -796,7 +796,7 @@
if ($edit['pid'] == 0) {
// This is a comment with no parent comment (depth 0): we start
// by retrieving the maximum thread level.
- $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = %d', $edit['nid']));
+ $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = ?', $edit['nid']));
// Strip the "/" from the end of the thread.
$max = rtrim($max, '/');
@@ -815,7 +815,7 @@
$parent->thread = (string) rtrim((string) $parent->thread, '/');
// Get the max value in _this_ thread.
- $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = %d", $parent->thread, $edit['nid']));
+ $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = ?", $parent->thread, $edit['nid']));
if ($max == '') {
// First child of this parent.
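Review bot: The `MAX(thread)` query now mixes placeholder styles: `thread LIKE '%s.%%'` keeps the old printf-style placeholder and `%%` escape while `nid = ?` uses the new one. Unless the new `db_query()` still expands `%s` (the database.inc changes are not fully visible here), the pattern is sent literally and `$parent->thread` is consumed by the wrong placeholder, so the lookup fails or returns the wrong maximum. Bind the whole pattern as one value: `"SELECT MAX(thread) FROM {comments} WHERE thread LIKE ? AND nid = ?", $parent->thread .'.%', $edit['nid']`. The enclosing function starts and ends outside this hunk.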
@@ -841,7 +841,7 @@
$edit['name'] = $user->name;
}
- db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (%d, %d, %d, '%s', '%s', %d, '%s', %d, %d, '%s', '%s', '%s', '%s')", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $edit['status'], $thread, $edit['name'], $edit['mail'], $edit['homepage']);
+ db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $edit['status'], $thread, $edit['name'], $edit['mail'], $edit['homepage']);
$edit['cid'] = db_last_insert_id('comments', 'cid');
// Tell the other modules a new comment has been submitted.
@@ -1005,10 +1005,10 @@
if ($cid && is_numeric($cid)) {
// Single comment view.
- $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d';
+ $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ?';
$query_args = array($cid);
if (!user_access('administer comments')) {
- $query .= ' AND c.status = %d';
+ $query .= ' AND c.status = ?';
$query_args[] = COMMENT_PUBLISHED;
}
@@ -1025,13 +1025,13 @@
}
else {
// Multiple comment view
- $query_count = 'SELECT COUNT(*) FROM {comments} WHERE nid = %d';
- $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d';
+ $query_count = 'SELECT COUNT(*) FROM {comments} WHERE nid = ?';
+ $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = ?';
$query_args = array($nid);
if (!user_access('administer comments')) {
- $query .= ' AND c.status = %d';
- $query_count .= ' AND status = %d';
+ $query .= ' AND c.status = ?';
+ $query_count .= ' AND status = ?';
$query_args[] = COMMENT_PUBLISHED;
}
@@ -1136,7 +1136,7 @@
* Menu callback; delete a comment.
*/
function comment_delete($cid = NULL) {
- $comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = %d', $cid));
+ $comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = ?', $cid));
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
$output = '';
@@ -1188,20 +1188,20 @@
function comment_operations($action = NULL) {
if ($action == 'publish') {
$operations = array(
- 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = %d'),
+ 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = ?'),
'delete' => array(t('Delete the selected comments'), '')
);
}
else if ($action == 'unpublish') {
$operations = array(
- 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = %d'),
+ 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = ?'),
'delete' => array(t('Delete the selected comments'), '')
);
}
else {
$operations = array(
- 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = %d'),
- 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = %d'),
+ 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = ?'),
+ 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = ?'),
'delete' => array(t('Delete the selected comments'), '')
);
}
@@ -1244,7 +1244,7 @@
array('data' => t('Time'), 'field' => 'timestamp', 'sort' => 'desc'),
array('data' => t('Operations'))
));
- $result = pager_query('SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = %d'. tablesort_sql($form['header']['#value']), 50, 0, NULL, $status);
+ $result = pager_query('SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = ?'. tablesort_sql($form['header']['#value']), 50, 0, NULL, $status);
// build a table listing the appropriate comments
$destination = drupal_get_destination();
@@ -1339,7 +1339,7 @@
foreach (array_filter($edit['comments']) as $cid => $value) {
$comment = _comment_load($cid);
if (is_object($comment) && is_numeric($comment->cid)) {
- $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = %d', $cid));
+ $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = ?', $cid));
$form['comments'][$cid] = array('#type' => 'hidden', '#value' => $cid, '#prefix' => '', '#suffix' => check_plain($subject) .'');
$comment_counter++;
}
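Review bot: The `SELECT subject` query repeats work `_comment_load($cid)` has already done, since that helper selects `*` from `{comments}` for the same `cid`. Use the loaded object and drop the extra round trip per selected comment: `'#suffix' => check_plain($comment->subject) .''`. The loop and its enclosing function continue outside this hunk.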
@@ -1382,14 +1382,14 @@
* Load the entire comment by cid.
*/
function _comment_load($cid) {
- return db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = %d', $cid));
+ return db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = ?', $cid));
}
function comment_num_all($nid) {
static $cache;
if (!isset($cache[$nid])) {
- $cache[$nid] = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $nid));
+ $cache[$nid] = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = ?', $nid));
}
return $cache[$nid];
}
@@ -1398,7 +1398,7 @@
static $cache;
if (!isset($cache[$pid])) {
- $cache[$pid] = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND status = %d', $pid, COMMENT_PUBLISHED));
+ $cache[$pid] = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE pid = ? AND status = ?', $pid, COMMENT_PUBLISHED));
}
return $cache[$pid];
@@ -1423,7 +1423,7 @@
$timestamp = ($timestamp > NODE_NEW_LIMIT ? $timestamp : NODE_NEW_LIMIT);
// Use the timestamp to retrieve the number of new comments.
- $result = db_result(db_query('SELECT COUNT(c.cid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND timestamp > %d AND c.status = %d', $nid, $timestamp, COMMENT_PUBLISHED));
+ $result = db_result(db_query('SELECT COUNT(c.cid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = ? AND timestamp > ? AND c.status = ?', $nid, $timestamp, COMMENT_PUBLISHED));
return $result;
}
@@ -1453,7 +1453,7 @@
if (!$user->uid || isset($edit['is_anonymous'])) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
- $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']));
+ $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = ?", $edit['name']));
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
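Review bot: The registered-name check lowercases only the column: `LOWER(name) = ?` is compared with `$edit['name']` exactly as typed, so on a backend with case-sensitive string comparison a mixed-case spelling of an existing user name never matches and `$taken` stays 0. The validation then fails to reject an anonymous comment that carries a registered user's name. Lowercase both sides in the query, `SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = LOWER(?)`. The validation function starts and ends outside this hunk.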
@@ -1704,7 +1704,7 @@
$output = '';
if ($edit['pid']) {
- $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
+ $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ? AND c.status = ?', $edit['pid'], COMMENT_PUBLISHED));
$comment = drupal_unpack($comment);
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
$output .= theme('comment_view', $comment, $node);
@@ -1970,13 +1970,13 @@
}
// Delete the comment:
- db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid);
+ db_query('DELETE FROM {comments} WHERE cid = ?', $comment->cid);
watchdog('content', 'Comment: deleted %subject.', array('%subject' => $comment->subject));
comment_invoke_comment($comment, 'delete');
// Delete the comment's replies
- $result = db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE pid = %d', $comment->cid);
+ $result = db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE pid = ?', $comment->cid);
while ($comment = db_fetch_object($result)) {
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
_comment_delete_thread($comment);
@@ -2073,18 +2073,18 @@
* - comment_count: the total number of approved/published comments on this node.
*/
function _comment_update_node_statistics($nid) {
- $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = %d AND status = %d', $nid, COMMENT_PUBLISHED));
+ $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = ? AND status = ?', $nid, COMMENT_PUBLISHED));
// comments exist
if ($count > 0) {
- $last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = %d AND status = %d ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1));
- db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = '%s', last_comment_uid = %d WHERE nid = %d", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
+ $last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = ? AND status = ? ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1));
+ db_query("UPDATE {node_comment_statistics} SET comment_count = ?, last_comment_timestamp = ?, last_comment_name = ?, last_comment_uid = ? WHERE nid = ?", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
}
// no comments
else {
- $node = db_fetch_object(db_query("SELECT uid, created FROM {node} WHERE nid = %d", $nid));
- db_query("UPDATE {node_comment_statistics} SET comment_count = 0, last_comment_timestamp = %d, last_comment_name = '', last_comment_uid = %d WHERE nid = %d", $node->created, $node->uid, $nid);
+ $node = db_fetch_object(db_query("SELECT uid, created FROM {node} WHERE nid = ?", $nid));
+ db_query("UPDATE {node_comment_statistics} SET comment_count = 0, last_comment_timestamp = ?, last_comment_name = '', last_comment_uid = ? WHERE nid = ?", $node->created, $node->uid, $nid);
}
}
@@ -2203,9 +2203,9 @@
}
else {
$cid = $context['cid'];
- $subject = db_result(db_query("SELECT subject FROM {comments} WHERE cid = %d", $cid));
+ $subject = db_result(db_query("SELECT subject FROM {comments} WHERE cid = ?", $cid));
}
- db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $cid);
+ db_query('UPDATE {comments} SET status = ? WHERE cid = ?', COMMENT_NOT_PUBLISHED, $cid);
watchdog('action', 'Unpublished comment %subject.', array('%subject' => $subject));
}
@@ -2237,7 +2237,7 @@
function comment_unpublish_by_keyword_action($comment, $context) {
foreach ($context['keywords'] as $keyword) {
if (strstr($comment->comment, $keyword) || strstr($comment->subject, $keyword)) {
- db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $comment->cid);
+ db_query('UPDATE {comments} SET status = ? WHERE cid = ?', COMMENT_NOT_PUBLISHED, $comment->cid);
watchdog('action', 'Unpublished comment %subject.', array('%subject' => $comment->subject));
break;
}
Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.82
diff -u -r1.82 database.inc
--- includes/database.inc 2 Oct 2007 16:15:56 -0000 1.82
+++ includes/database.inc 5 Oct 2007 07:23:44 -0000
@@ -51,6 +51,186 @@
*/
/**
+ * Initialise a database connection.
+ */
+function db_connect($url) {
+ list($dsn, $user, $pass) = db_dsn($url);
+
+ try {
+ $connection = new PDO($dsn, $user, $pass);
+ $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ } catch (PDOException $e) {
+ db_connection_error($e->getCode(), $e->getMessage());
+ }
+
+ // Set additional attributes.
+ if (function_exists('_db_connect')) {
+ _db_connect($connection);
+ }
+
+ return $connection;
+}
+
+/**
+ * Returns the version of the database server currently in use.
+ *
+ * @return Database server version
+ */
+function db_version() {
+ global $active_db;
+ list($version) = explode('-', $active_db->getAttribute(PDO::ATTR_SERVER_VERSION));
+ return $version;
+}
+
+/**
+ * Runs a basic query in the active database.
+ *
+ * User-supplied arguments to the query should be passed in as separate
+ * parameters so that they can be properly escaped to avoid SQL injection
+ * attacks.
+ *
+ * @param $query
+ * A string containing an SQL query.
+ * @param ...
+ * A variable number of arguments which are substituted into the query
+ * using printf() syntax. Instead of a variable number of query arguments,
+ * you may also pass a single array containing the query arguments.
+ *
+ * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
+ * in '') and %%.
+ *
+ * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
+ * and TRUE values to decimal 1.
+ *
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ */
+function db_query($query) {
+ $args = func_get_args();
+ array_shift($args);
+ $query = db_prefix_tables($query);
+ if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
+ $args = $args[0];
+ }
+ return _db_query($query, $args);
+}
+
+/**
+ * Helper function for db_query().
+ */
+function _db_query($query, $args, $debug = 0) {
+ global $active_db, $queries;
+
+ if (variable_get('dev_query', 0)) {
+ list($usec, $sec) = explode(' ', microtime());
+ $timer = (float)$usec + (float)$sec;
+ }
+
+ try {
+ //$result = $active_db->query($query, $args);
+ $result = $active_db->prepare($query);
+ $result->execute($args);
+ }
+ catch (PDOException $e) {
+ ${DB_ERROR} = TRUE;
+ trigger_error(check_plain($e->getMessage() ."\nquery: ". $query), E_USER_WARNING);
+ }
+
+ if (variable_get('dev_query', 0)) {
+ $bt = debug_backtrace();
+ $query = $bt[2]['function'] ."\n". $query;
+ list($usec, $sec) = explode(' ', microtime());
+ $stop = (float)$usec + (float)$sec;
+ $diff = $stop - $timer;
+ $queries[] = array($query, $diff);
+ }
+
+ if ($debug) {
+ $error = $last_result->errorInfo();
+ print 'query: '. $query .'
error:'. $error[2] .'
';
+ }
+
+ if ($result) {
+ return $result;
+ }
+ else {
+ return FALSE;
+ }
+}
+
+/**
+ * Fetch one result row from the previous query as an object.
+ *
+ * @param $result
+ * A database query result resource, as returned from db_query().
+ * @return
+ * An object representing the next row of the result, or FALSE. The attributes
+ * of this object are the table fields selected by the query.
+ */
+function db_fetch_object($result) {
+ if ($result) {
+ return $result->fetch(PDO::FETCH_OBJ);
+ }
+}
+
+/**
+ * Fetch one result row from the previous query as an array.
+ *
+ * @param $result
+ * A database query result resource, as returned from db_query().
+ * @return
+ * An associative array representing the next row of the result, or FALSE.
+ * The keys of this object are the names of the table fields selected by the
+ * query, and the values are the field values for this result row.
+ */
+function db_fetch_array($result) {
+ if ($result) {
+ return $result->fetch(PDO::FETCH_ASSOC);
+ }
+}
+
+/**
+* Return an individual result field from the previous query.
+*
+* Only use this function if exactly one field is being selected; otherwise,
+* use db_fetch_object() or db_fetch_array().
+*
+* @param $result
+* A database query result resource, as returned from db_query().
+* @return
+* The resulting field or FALSE.
+*/
+function db_result($result) {
+ if ($result) {
+ return $result->fetchColumn();
+ }
+ return FALSE;
+}
+
+/**
+ * Determine whether the previous query caused an error.
+ */
+function db_error($result) {
+ return $result->getErrorCode();
+}
+
+/**
+ * Determine the number of rows changed by the preceding query.
+ */
+function db_affected_rows($result) {
+ return $result->rowCount();
+}
+
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_string($text, $type = PDO::PARAM_STR) {
+ global $active_db;
+ return $active_db->quote($text, $type);
+}
+
+/**
* Perform an SQL query and return success or failure.
*
* @param $sql
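Review bot: `_db_query()` mishandles the failure path: when `execute()` throws, `$result` still holds the prepared statement and is returned instead of `FALSE`; when `prepare()` throws, `$result` is undefined at `if ($result)`; and the `$debug` branch calls `$last_result->errorInfo()` on a variable this function no longer declares. Setting `$result = FALSE;` inside the `catch` and reading `$active_db->errorInfo()` in the debug branch would fix all three. `db_error()` calls `$result->getErrorCode()`, but the PDOStatement method is `errorCode()`. `db_escape_string()` now returns `PDO::quote()` output, which already carries its own surrounding quotes, so any remaining caller that wraps the result in `'...'` would leave the value outside the SQL string literal; those call sites need an audit, and the docblock should say the return value is a complete quoted literal. The `db_query()` docblock still documents printf-style `%` modifiers and the NULL/FALSE-to-0 cast, neither of which holds once arguments are bound through `?`.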
@@ -148,7 +328,7 @@
else {
drupal_maintenance_theme();
drupal_set_title('Unsupported database type');
- print theme('maintenance_page', 'The database type '. theme('placeholder', $db_type) .' is unsupported. Please use either mysql for MySQL 3.x & 4.0.x databases, mysqli for MySQL 4.1.x+ databases, or pgsql for PostgreSQL databases. The database information is in your settings.php file.
+ print theme('maintenance_page', 'The database type '. theme('placeholder', $db_type) .' is unsupported. Please use either mysql for MySQL 4.1.x+ databases, or pgsql for PostgreSQL databases. The database information is in your settings.php file.
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
@@ -164,30 +344,6 @@
}
/**
- * Helper function for db_query().
- */
-function _db_query_callback($match, $init = FALSE) {
- static $args = NULL;
- if ($init) {
- $args = $match;
- return;
- }
-
- switch ($match[1]) {
- case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
- return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
- case '%s':
- return db_escape_string(array_shift($args));
- case '%%':
- return '%';
- case '%f':
- return (float) array_shift($args);
- case '%b': // binary data
- return db_encode_blob(array_shift($args));
- }
-}
-
-/**
* Generate placeholders for an array of query arguments of a single type.
*
* Given a Schema API field type, return correct %-placeholders to
@@ -199,16 +355,11 @@
* The Schema API type of a field (e.g. 'int', 'text', or 'varchar').
*/
function db_placeholders($arguments, $type = 'int') {
- $placeholder = db_type_placeholder($type);
+ $placeholder = '?';
return implode(',', array_fill(0, count($arguments), $placeholder));
}
/**
- * Indicates the place holders that should be replaced in _db_query_callback().
- */
-define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');
-
-/**
* Helper function for db_rewrite_sql.
*
* Collects JOIN and WHERE statements via hook_db_rewrite_sql()
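Review bot: `db_placeholders()` now ignores its `$type` argument, but the docblock above it still promises type-specific %-placeholders for a Schema API type. I would reword the summary to something like `Generate a comma-separated list of '?' placeholders, one per argument; $type is kept for backward compatibility and is ignored.` Callers that relied on the `int` default to coerce values should know that arguments are now bound as supplied. The hunk also removes `DB_QUERY_REGEXP`; any remaining user of that constant (none are visible in this hunk) would need updating in the same change.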
@@ -477,48 +628,5 @@
}
/**
- * Given a Schema API field type, return the correct %-placeholder.
- *
- * Embed the placeholder in a query to be passed to db_query and and pass as an
- * argument to db_query a value of the specified type.
- *
- * @param $type
- * The Schema API type of a field.
- * @return
- * The placeholder string to embed in a query for that type.
- */
-function db_type_placeholder($type) {
- switch ($type) {
- case 'varchar':
- case 'text':
- case 'datetime':
- return '\'%s\'';
-
- case 'numeric':
- // For 'numeric' values, we use '%s', not '\'%s\'' as with
- // string types, because numeric values should not be enclosed
- // in quotes in queries (though they can be, at least on mysql
- // and pgsql). Numerics should only have [0-9.+-] and
- // presumably no db's "escape string" function will mess with
- // those characters.
- return '%s';
-
- case 'serial':
- case 'int':
- return '%d';
-
- case 'float':
- return '%f';
-
- case 'blob':
- return '%b';
- }
-
- // There is no safe value to return here, so return something that
- // will cause the query to fail.
- return 'unsupported type '. $type .'for db_type_placeholder';
-}
-
-/**
* @} End of "defgroup schemaapi".
*/
Index: includes/path.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/path.inc,v
retrieving revision 1.16
diff -u -r1.16 path.inc
--- includes/path.inc 18 Jun 2007 06:59:11 -0000 1.16
+++ includes/path.inc 5 Oct 2007 07:23:45 -0000
@@ -65,7 +65,7 @@
return $map[$path_language][$path];
}
// Get the most fitting result falling back with alias without language
- $alias = db_result(db_query("SELECT dst FROM {url_alias} WHERE src = '%s' AND language IN('%s', '') ORDER BY language DESC", $path, $path_language));
+ $alias = db_result(db_query("SELECT dst FROM {url_alias} WHERE src = ? AND language IN(?, '') ORDER BY language DESC", $path, $path_language));
$map[$path_language][$path] = $alias;
return $alias;
}
@@ -76,7 +76,7 @@
$src = '';
if (!isset($map[$path_language]) || !($src = array_search($path, $map[$path_language]))) {
// Get the most fitting result falling back with alias without language
- if ($src = db_result(db_query("SELECT src FROM {url_alias} WHERE dst = '%s' AND language IN('%s', '') ORDER BY language DESC", $path, $path_language))) {
+ if ($src = db_result(db_query("SELECT src FROM {url_alias} WHERE dst = ? AND language IN(?, '') ORDER BY language DESC", $path, $path_language))) {
$map[$path_language][$src] = $path;
}
else {
Index: includes/actions.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/actions.inc,v
retrieving revision 1.4
diff -u -r1.4 actions.inc
--- includes/actions.inc 9 Sep 2007 20:01:39 -0000 1.4
+++ includes/actions.inc 5 Oct 2007 07:23:43 -0000
@@ -54,7 +54,7 @@
$where_values = array();
foreach ($action_ids as $action_id) {
if (is_numeric($action_id)) {
- $where[] = 'OR aid = %d';
+ $where[] = 'OR aid = ?';
$where_values[] = $action_id;
}
elseif (isset($available_actions[$action_id])) {
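Review bot: With `%d` replaced by `?`, `$action_id` is bound exactly as supplied, whereas the old placeholder forced it through an integer cast. `is_numeric()` also accepts decimal and exponent forms and leading whitespace, so a value that used to be normalised to an integer would now be compared verbatim. If the integer semantics are intended, `$where_values[] = (int) $action_id;` keeps them. The enclosing function starts and ends outside this hunk, so how `$where_values` is finally passed to the query is not visible here.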
@@ -94,7 +94,7 @@
else {
// If it's a configurable action, retrieve stored parameters.
if (is_numeric($action_ids)) {
- $action = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", $action_ids));
+ $action = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = ?", $action_ids));
$function = $action->callback;
$context = array_merge($context, unserialize($action->parameters));
$result[$action_ids] = $function($object, $context, $a1, $a2);
@@ -239,7 +239,7 @@
}
// Must be an instance; must check database.
- $aid = db_result(db_query("SELECT aid FROM {actions} WHERE MD5(aid) = '%s' AND parameters != ''", $hash));
+ $aid = db_result(db_query("SELECT aid FROM {actions} WHERE MD5(aid) = ? AND parameters != ''", $hash));
return $aid;
}
@@ -272,7 +272,7 @@
}
else {
// This is a new singleton that we don't have an aid for; assign one.
- db_query("INSERT INTO {actions} (aid, type, callback, parameters, description) VALUES ('%s', '%s', '%s', '%s', '%s')", $callback, $array['type'], $callback, '', $array['description']);
+ db_query("INSERT INTO {actions} (aid, type, callback, parameters, description) VALUES (?, ?, ?, ?, ?)", $callback, $array['type'], $callback, '', $array['description']);
watchdog('actions', t("Action '%action' added.", array('%action' => filter_xss_admin($array['description']))));
}
}
@@ -285,7 +285,7 @@
foreach ($actions_in_db as $callback => $array) {
$orphaned[] = $callback;
- $placeholder[] = "'%s'";
+ $placeholder[] = '?';
}
$orphans = implode(', ', $orphaned);
@@ -326,7 +326,7 @@
function actions_save($function, $type, $params, $desc, $aid = NULL) {
$serialized = serialize($params);
if ($aid) {
- db_query("UPDATE {actions} SET callback = '%s', type = '%s', parameters = '%s', description = '%s' WHERE aid = %d", $function, $type, $serialized, $desc, $aid);
+ db_query("UPDATE {actions} SET callback = ?, type = ?, parameters = ?, description = ? WHERE aid = ?", $function, $type, $serialized, $desc, $aid);
watchdog('actions', 'Action %action saved.', array('%action' => $desc));
}
else {
@@ -334,7 +334,7 @@
// separate table for numeric aids.
db_query('INSERT INTO {actions_aid} VALUES (default)');
$aid = db_last_insert_id('actions_aid', 'aid');
- db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (%d, '%s', '%s', '%s', '%s')", $aid, $function, $type, $serialized, $desc);
+ db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (?, ?, ?, ?, ?)", $aid, $function, $type, $serialized, $desc);
watchdog('actions', 'Action %action created.', array('%action' => $desc));
}
@@ -351,7 +351,7 @@
* The appropriate action row from the database as an object.
*/
function actions_load($aid) {
- return db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", $aid));
+ return db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = ?", $aid));
}
/**
@@ -361,6 +361,6 @@
* integer The ID of the action to delete.
*/
function actions_delete($aid) {
- db_query("DELETE FROM {actions} WHERE aid = %d", $aid);
+ db_query("DELETE FROM {actions} WHERE aid = ?", $aid);
module_invoke_all('actions_delete', $aid);
}
Index: includes/database.pgsql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.pgsql.inc,v
retrieving revision 1.62
diff -u -r1.62 database.pgsql.inc
--- includes/database.pgsql.inc 2 Oct 2007 16:15:56 -0000 1.62
+++ includes/database.pgsql.inc 5 Oct 2007 07:23:44 -0000
@@ -33,20 +33,11 @@
}
/**
- * Returns the version of the database server currently in use.
- *
- * @return Database server version
+ * Build a PDO compatible DSN.
*/
-function db_version() {
- return db_result(db_query("SHOW SERVER_VERSION"));
-}
-
-/**
- * Initialize a database connection.
- */
-function db_connect($url) {
- // Check if PostgreSQL support is present in PHP
- if (!function_exists('pg_connect')) {
+function db_dsn($url) {
+ // Check if PostgreSQL support is present in PDO.
+ if (!in_array('pgsql', PDO::getAvailableDrivers())) {
drupal_maintenance_theme();
drupal_set_title('PHP PostgreSQL support not enabled');
print theme('maintenance_page', 'We were unable to use the PostgreSQL database because the PostgreSQL extension for PHP is not installed. Check your PHP.ini to see how you can enable it.
@@ -55,40 +46,35 @@
}
$url = parse_url($url);
- $conn_string = '';
// Decode url-encoded information in the db connection string
- if (isset($url['user'])) {
- $conn_string .= ' user='. urldecode($url['user']);
- }
+ $url['user'] = urldecode($url['user']);
+ // Test if database url has a password.
if (isset($url['pass'])) {
- $conn_string .= ' password='. urldecode($url['pass']);
+ $url['pass'] = urldecode($url['pass']);
}
- if (isset($url['host'])) {
- $conn_string .= ' host='. urldecode($url['host']);
- }
- if (isset($url['path'])) {
- $conn_string .= ' dbname='. substr(urldecode($url['path']), 1);
- }
- if (isset($url['port'])) {
- $conn_string .= ' port='. urldecode($url['port']);
+ else {
+ $url['pass'] = '';
}
+ $url['host'] = urldecode($url['host']);
+ $url['path'] = urldecode($url['path']);
- // pg_last_error() does not return a useful error message for database
- // connection errors. We must turn on error tracking to get at a good error
- // message, which will be stored in $php_errormsg.
- $track_errors_previous = ini_get('track_errors');
- ini_set('track_errors', 1);
+ $dsn = 'pgsql:host='. $url['host'] .';dbname='. substr($url['path'], 1);
- $connection = @pg_connect($conn_string);
- if (!$connection) {
+ return array($dsn, $url['user'], $url['pass']);
+}
+
+/**
+ * Initialize a database connection.
+ */
+function db_connection_error($code, $message) {
+ if (!$code) {
drupal_maintenance_theme();
drupal_set_header('HTTP/1.1 503 Service Unavailable');
drupal_set_title('Unable to connect to database');
print theme('maintenance_page', 'If you still have to install Drupal, proceed to the installation page.
If you have already finished installed Drupal, this either means that the username and password information in your settings.php file is incorrect or that we can\'t connect to the PostgreSQL database server. This could mean your hosting provider\'s database server is down.
-The PostgreSQL error was: '. theme('placeholder', decode_entities($php_errormsg)) .'
-Currently, the database is '. theme('placeholder', substr($url['path'], 1)) .', the username is '. theme('placeholder', $url['user']) .', and the database server is '. theme('placeholder', $url['host']) .'.
+The PostgreSQL error was: '. theme('placeholder', $message) .'
- Are you sure you have the correct username and password?
- Are you sure that you have typed the correct hostname?
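Review bot: `db_connection_error()` only renders the maintenance page and exits when `!$code`, yet `db_connect()` calls it with `$e->getCode()` from a PDOException, which is typically non-zero for a failed connection. In that case the function returns and `db_connect()` carries on with an unset `$connection`; the condition looks inverted or unnecessary. The new DSN also drops the port the old connection string honoured; `if (isset($url['port'])) { $dsn .= ';port='. urldecode($url['port']); }` would restore it. `$url['user']`, `$url['host']` and `$url['path']` are now read without the `isset()` checks the old code had. The docblock on `db_connection_error()` still reads "Initialize a database connection." and should describe the error page instead.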
@@ -98,142 +84,6 @@
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
-
- // Restore error tracking setting
- ini_set('track_errors', $track_errors_previous);
-
- return $connection;
-}
-
-/**
- * Runs a basic query in the active database.
- *
- * User-supplied arguments to the query should be passed in as separate
- * parameters so that they can be properly escaped to avoid SQL injection
- * attacks.
- *
- * @param $query
- * A string containing an SQL query.
- * @param ...
- * A variable number of arguments which are substituted into the query
- * using printf() syntax. Instead of a variable number of query arguments,
- * you may also pass a single array containing the query arguments.
- *
- * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
- *
- * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
- * and TRUE values to decimal 1.
- *
- * @return
- * A database query result resource, or FALSE if the query was not
- * executed correctly.
- */
-function db_query($query) {
- $args = func_get_args();
- array_shift($args);
- $query = db_prefix_tables($query);
- if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
- $args = $args[0];
- }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- return _db_query($query);
-}
-
-/**
- * Helper function for db_query().
- */
-function _db_query($query, $debug = 0) {
- global $active_db, $last_result, $queries;
-
- if (variable_get('dev_query', 0)) {
- list($usec, $sec) = explode(' ', microtime());
- $timer = (float)$usec + (float)$sec;
- }
-
- $last_result = pg_query($active_db, $query);
-
- if (variable_get('dev_query', 0)) {
- $bt = debug_backtrace();
- $query = $bt[2]['function'] ."\n". $query;
- list($usec, $sec) = explode(' ', microtime());
- $stop = (float)$usec + (float)$sec;
- $diff = $stop - $timer;
- $queries[] = array($query, $diff);
- }
-
- if ($debug) {
- print 'query: '. $query .'
error:'. pg_last_error($active_db) .'
';
- }
-
- if ($last_result !== FALSE) {
- return $last_result;
- }
- else {
- // Indicate to drupal_error_handler that this is a database error.
- ${DB_ERROR} = TRUE;
- trigger_error(check_plain(pg_last_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
- return FALSE;
- }
-}
-
-/**
- * Fetch one result row from the previous query as an object.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An object representing the next row of the result, or FALSE. The attributes
- * of this object are the table fields selected by the query.
- */
-function db_fetch_object($result) {
- if ($result) {
- return pg_fetch_object($result);
- }
-}
-
-/**
- * Fetch one result row from the previous query as an array.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An associative array representing the next row of the result, or FALSE.
- * The keys of this object are the names of the table fields selected by the
- * query, and the values are the field values for this result row.
- */
-function db_fetch_array($result) {
- if ($result) {
- return pg_fetch_assoc($result);
- }
-}
-
-/**
- * Return an individual result field from the previous query.
- *
- * Only use this function if exactly one field is being selected; otherwise,
- * use db_fetch_object() or db_fetch_array().
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * The resulting field or FALSE.
- */
-function db_result($result) {
- if ($result && pg_num_rows($result) > 0) {
- $array = pg_fetch_row($result);
- return $array[0];
- }
- return FALSE;
-}
-
-/**
- * Determine whether the previous query caused an error.
- */
-function db_error() {
- global $active_db;
- return pg_last_error($active_db);
}
/**
@@ -249,14 +99,6 @@
}
/**
- * Determine the number of rows changed by the preceding query.
- */
-function db_affected_rows() {
- global $last_result;
- return empty($last_result) ? 0 : pg_affected_rows($last_result);
-}
-
-/**
* Runs a limited-range query in the active database.
*
* Use this as a substitute for db_query() when a subset of the query
@@ -295,8 +137,6 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
$query .= ' LIMIT '. (int)$count .' OFFSET '. (int)$from;
return _db_query($query);
}
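Review bot: `return _db_query($query);` at the end of this hunk does not pass the collected `$args`, while the new `_db_query($query, $args, $debug = 0)` in includes/database.inc requires them. The `?` placeholders in a range query would therefore never be bound. With the callback substitution removed, the call should become `return _db_query($query, $args);`. The same applies to the unchanged `return _db_query($query);` in the following hunk (`@@ -342,46 +182,10 @@`). Both enclosing functions start outside their hunks, so how `$args` is assembled is only partly visible.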
@@ -342,46 +182,10 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
return _db_query($query);
}
/**
- * Returns a properly formatted Binary Large OBject value.
- * In case of PostgreSQL encodes data for insert into bytea field.
- *
- * @param $data
- * Data to encode.
- * @return
- * Encoded data.
- */
-function db_encode_blob($data) {
- return "'". pg_escape_bytea($data) ."'";
-}
-
-/**
- * Returns text from a Binary Large OBject value.
- * In case of PostgreSQL decodes data after select from bytea field.
- *
- * @param $data
- * Data to decode.
- * @return
- * Decoded data.
- */
-function db_decode_blob($data) {
- return pg_unescape_bytea($data);
-}
-
-/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- * Note: This function requires PostgreSQL 7.2 or later.
- */
-function db_escape_string($text) {
- return pg_escape_string($text);
-}
-
-/**
* Lock a table.
* This function automatically starts a transaction.
*/
@@ -700,7 +504,7 @@
$ret[] = update_sql($query);
if (isset($spec['initial'])) {
// All this because update_sql does not support %-placeholders.
- $sql = 'UPDATE {'. $table .'} SET '. $field .' = '. db_type_placeholder($spec['type']);
+ $sql = 'UPDATE {'. $table .'} SET '. $field .' = ?';
$result = db_query($sql, $spec['initial']);
$ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql .' ('. $spec['initial'] .')'));
}
Index: includes/module.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/module.inc,v
retrieving revision 1.111
diff -u -r1.111 module.inc
--- includes/module.inc 4 Sep 2007 21:10:45 -0000 1.111
+++ includes/module.inc 5 Oct 2007 07:23:45 -0000
@@ -138,13 +138,13 @@
// Update the contents of the system table:
if (isset($file->status) || (isset($file->old_filename) && $file->old_filename != $file->filename)) {
- db_query("UPDATE {system} SET info = '%s', name = '%s', filename = '%s', bootstrap = %d WHERE filename = '%s'", serialize($files[$filename]->info), $file->name, $file->filename, $bootstrap, $file->old_filename);
+ db_query("UPDATE {system} SET info = ?, name = ?, filename = ?, bootstrap = ? WHERE filename = ?", serialize($files[$filename]->info), $file->name, $file->filename, $bootstrap, $file->old_filename);
}
else {
// This is a new module.
$files[$filename]->status = 0;
$files[$filename]->throttle = 0;
- db_query("INSERT INTO {system} (name, info, type, filename, status, throttle, bootstrap) VALUES ('%s', '%s', '%s', '%s', %d, %d, %d)", $file->name, serialize($files[$filename]->info), 'module', $file->filename, 0, 0, $bootstrap);
+ db_query("INSERT INTO {system} (name, info, type, filename, status, throttle, bootstrap) VALUES (?, ?, ?, ?, ?, ?, ?)", $file->name, serialize($files[$filename]->info), 'module', $file->filename, 0, 0, $bootstrap);
}
}
$files = _module_build_dependents($files);
@@ -242,10 +242,10 @@
function module_enable($module_list) {
$invoke_modules = array();
foreach ($module_list as $module) {
- $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = '%s' AND name = '%s'", 'module', $module));
+ $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = ? AND name = ?", 'module', $module));
if ($existing->status == 0) {
module_load_install($module);
- db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 1, 0, 'module', $module);
+ db_query("UPDATE {system} SET status = ?, throttle = ? WHERE type = ? AND name = ?", 1, 0, 'module', $module);
drupal_load('module', $module);
$invoke_modules[] = $module;
}
@@ -284,7 +284,7 @@
module_load_install($module);
module_invoke($module, 'disable');
- db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 0, 0, 'module', $module);
+ db_query("UPDATE {system} SET status = ?, throttle = ? WHERE type = ? AND name = ?", 0, 0, 'module', $module);
$invoke_modules[] = $module;
}
}
Index: includes/cache.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/cache.inc,v
retrieving revision 1.14
diff -u -r1.14 cache.inc
--- includes/cache.inc 26 Aug 2007 09:33:49 -0000 1.14
+++ includes/cache.inc 5 Oct 2007 07:23:43 -0000
@@ -18,16 +18,15 @@
$cache_flush = variable_get('cache_flush', 0);
if ($cache_flush && ($cache_flush + variable_get('cache_lifetime', 0) <= time())) {
// Time to flush old cache data
- db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire <= %d", CACHE_PERMANENT, $cache_flush);
+ db_query("DELETE FROM {". $table ."} WHERE expire != ? AND expire <= ?", CACHE_PERMANENT, $cache_flush);
variable_set('cache_flush', 0);
}
- $cache = db_fetch_object(db_query("SELECT data, created, headers, expire, serialized FROM {". $table ."} WHERE cid = '%s'", $cid));
+ $cache = db_fetch_object(db_query("SELECT data, created, headers, expire, serialized FROM {". $table ."} WHERE cid = ?", $cid));
if (isset($cache->data)) {
// If the data is permanent or we're not enforcing a minimum cache lifetime
// always return the cached data.
if ($cache->expire == CACHE_PERMANENT || !variable_get('cache_lifetime', 0)) {
- $cache->data = db_decode_blob($cache->data);
if ($cache->serialized) {
$cache->data = unserialize($cache->data);
}
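Review bot: Removing `db_decode_blob()` ahead of `unserialize($cache->data)` assumes the driver returns the column as a plain string. With PDO's pgsql driver, bytea columns are, as far as I know, returned as stream resources, so `unserialize()` would receive a resource rather than the serialized text. This is worth confirming on PostgreSQL; if it holds, a guard such as `if (is_resource($cache->data)) { $cache->data = stream_get_contents($cache->data); }` before the `serialized` check would cover it. The same removal appears in the next hunk (`@@ -43,7 +42,6 @@`). The enclosing function starts before this hunk.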
@@ -43,7 +42,6 @@
return 0;
}
else {
- $cache->data = db_decode_blob($cache->data);
if ($cache->serialized) {
$cache->data = unserialize($cache->data);
}
@@ -105,9 +103,9 @@
$serialized = 1;
}
$created = time();
- db_query("UPDATE {". $table ."} SET data = %b, created = %d, expire = %d, headers = '%s', serialized = %d WHERE cid = '%s'", $data, $created, $expire, $headers, $serialized, $cid);
- if (!db_affected_rows()) {
- @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES ('%s', %b, %d, %d, '%s', %d)", $cid, $data, $created, $expire, $headers, $serialized);
+ $result = db_query("UPDATE {". $table ."} SET data = ?, created = ?, expire = ?, headers = ?, serialized = ? WHERE cid = ?", $data, $created, $expire, $headers, $serialized, $cid);
+ if (!db_affected_rows($result)) {
+ @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES (?, ?, ?, ?, ?, ?)", $cid, $data, $created, $expire, $headers, $serialized);
}
}
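Review bot: `db_affected_rows($result)` calls `rowCount()` on its argument unconditionally, so when `db_query()` returns `FALSE` for a failed UPDATE this line becomes a fatal error instead of falling through to the INSERT. `if (!$result || !db_affected_rows($result)) {` keeps the fallback working. Separately, `$data` used to go through the `%b` blob encoder. Bound via `execute()` it is sent as an ordinary string parameter, which may not round-trip binary cache data into a PostgreSQL bytea column; that deserves a test or an explicit `PDO::PARAM_LOB` binding. The enclosing function starts outside this hunk.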
@@ -154,13 +152,13 @@
else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) {
// Clear the cache for everyone, cache_flush_delay seconds have
// passed since the first request to clear the cache.
- db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
+ db_query("DELETE FROM {". $table ."} WHERE expire != ? AND expire < ?", CACHE_PERMANENT, time());
variable_set('cache_flush', 0);
}
}
else {
// No minimum cache lifetime, flush all temporary cache entries now.
- db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
+ db_query("DELETE FROM {". $table ."} WHERE expire != ? AND expire < ?", CACHE_PERMANENT, time());
}
}
else {
@@ -173,7 +171,7 @@
}
}
else {
- db_query("DELETE FROM {". $table ."} WHERE cid = '%s'", $cid);
+ db_query("DELETE FROM {". $table ."} WHERE cid = ?", $cid);
}
}
}
Index: includes/locale.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/locale.inc,v
retrieving revision 1.154
diff -u -r1.154 locale.inc
--- includes/locale.inc 4 Sep 2007 21:10:45 -0000 1.154
+++ includes/locale.inc 5 Oct 2007 07:23:45 -0000
@@ -114,7 +114,7 @@
$language->enabled = 0;
}
$language->weight = $form_state['values']['weight'][$langcode];
- db_query("UPDATE {languages} SET enabled = %d, weight = %d WHERE language = '%s'", $language->enabled, $language->weight, $langcode);
+ db_query("UPDATE {languages} SET enabled = ?, weight = ? WHERE language = ?", $language->enabled, $language->weight, $langcode);
$languages[$langcode] = $language;
}
drupal_set_message(t('Configuration saved.'));
@@ -193,7 +193,7 @@
* Language code of the language to edit.
*/
function locale_languages_edit_form(&$form_state, $langcode) {
- if ($language = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = '%s'", $langcode))) {
+ if ($language = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = ?", $langcode))) {
$form = array();
_locale_languages_common_controls($form, $language);
$form['submit'] = array(
@@ -285,7 +285,7 @@
function locale_languages_predefined_form_validate($form, &$form_state) {
$langcode = $form_state['values']['langcode'];
- if ($duplicate = db_result(db_query("SELECT COUNT(*) FROM {languages} WHERE language = '%s'", $langcode)) != 0) {
+ if ($duplicate = db_result(db_query("SELECT COUNT(*) FROM {languages} WHERE language = ?", $langcode)) != 0) {
form_set_error('langcode', t('The language %language (%code) already exists.', array('%language' => $form_state['values']['name'], '%code' => $langcode)));
}
@@ -336,13 +336,13 @@
if (!empty($form_state['values']['domain']) && !empty($form_state['values']['prefix'])) {
form_set_error('prefix', t('Domain and path prefix values should not be set at the same time.'));
}
- if (!empty($form_state['values']['domain']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE domain = '%s' AND language != '%s'", $form_state['values']['domain'], $form_state['values']['langcode']))) {
+ if (!empty($form_state['values']['domain']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE domain = ? AND language != ?", $form_state['values']['domain'], $form_state['values']['langcode']))) {
form_set_error('domain', t('The domain (%domain) is already tied to a language (%language).', array('%domain' => $form_state['values']['domain'], '%language' => $duplicate->language)));
}
if (empty($form_state['values']['prefix']) && language_default('language') != $form_state['values']['langcode'] && empty($form_state['values']['domain'])) {
form_set_error('prefix', t('Only the default language can have both the domain and prefix empty.'));
}
- if (!empty($form_state['values']['prefix']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE prefix = '%s' AND language != '%s'", $form_state['values']['prefix'], $form_state['values']['langcode']))) {
+ if (!empty($form_state['values']['prefix']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE prefix = ? AND language != ?", $form_state['values']['prefix'], $form_state['values']['langcode']))) {
form_set_error('prefix', t('The prefix (%prefix) is already tied to a language (%language).', array('%prefix' => $form_state['values']['prefix'], '%language' => $duplicate->language)));
}
}
@@ -351,7 +351,7 @@
* Process the language editing form submission.
*/
function locale_languages_edit_form_submit($form, &$form_state) {
- db_query("UPDATE {languages} SET name = '%s', native = '%s', domain = '%s', prefix = '%s', direction = %d WHERE language = '%s'", $form_state['values']['name'], $form_state['values']['native'], $form_state['values']['domain'], $form_state['values']['prefix'], $form_state['values']['direction'], $form_state['values']['langcode']);
+ db_query("UPDATE {languages} SET name = ?, native = ?, domain = ?, prefix = ?, direction = ? WHERE language = ?", $form_state['values']['name'], $form_state['values']['native'], $form_state['values']['domain'], $form_state['values']['prefix'], $form_state['values']['direction'], $form_state['values']['langcode']);
$default = language_default();
if ($default->language == $form_state['values']['langcode']) {
$properties = array('name', 'native', 'direction', 'enabled', 'plurals', 'formula', 'domain', 'prefix', 'weight');
@@ -408,9 +408,9 @@
function locale_languages_delete_form_submit($form, &$form_state) {
$languages = language_list();
if (isset($languages[$form_state['values']['langcode']])) {
- db_query("DELETE FROM {languages} WHERE language = '%s'", $form_state['values']['langcode']);
- db_query("DELETE FROM {locales_target} WHERE language = '%s'", $form_state['values']['langcode']);
- db_query("UPDATE {node} SET language = '' WHERE language = '%s'", $form_state['values']['langcode']);
+ db_query("DELETE FROM {languages} WHERE language = ?", $form_state['values']['langcode']);
+ db_query("DELETE FROM {locales_target} WHERE language = ?", $form_state['values']['langcode']);
+ db_query("UPDATE {node} SET language = '' WHERE language = ?", $form_state['values']['langcode']);
$variables = array('%locale' => $languages[$form_state['values']['langcode']]->name);
drupal_set_message(t('The language %locale has been removed.', $variables));
watchdog('locale', 'The language %locale has been removed.', $variables);
@@ -755,7 +755,7 @@
*/
function locale_translate_edit_form(&$form_state, $lid) {
// Fetch source string, if possible.
- $source = db_fetch_object(db_query('SELECT source, textgroup, location FROM {locales_source} WHERE lid = %d', $lid));
+ $source = db_fetch_object(db_query('SELECT source, textgroup, location FROM {locales_source} WHERE lid = ?', $lid));
if (!$source) {
drupal_set_message(t('String not found.'), 'error');
drupal_goto('admin/build/translate/search');
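Review bot: `$lid` lost the integer coercion that `%d` applied; with `?` it is handed to the query as received, and it arrives as a function argument that appears to come from the request path. Assuming `?` is a true bound parameter in the new layer, the value stays out of the SQL text. A non-numeric value would still reach the comparison with an integer column, which some databases reject with an error rather than matching no row. Consider casting at the call, `... WHERE lid = ?', (int) $lid)`. The same applies to `locale_translate_delete()` and to the `lid` queries in `locale_translate_edit_form_submit()` in the later hunks.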
@@ -802,7 +802,7 @@
}
// Fetch translations and fill in default values in the form.
- $result = db_query("SELECT DISTINCT translation, language FROM {locales_target} WHERE lid = %d AND language != '%s'", $lid, $omit);
+ $result = db_query("SELECT DISTINCT translation, language FROM {locales_target} WHERE lid = ? AND language != ?", $lid, $omit);
while ($translation = db_fetch_object($result)) {
$form['translations'][$translation->language]['#default_value'] = $translation->translation;
}
@@ -818,19 +818,19 @@
function locale_translate_edit_form_submit($form, &$form_state) {
$lid = $form_state['values']['lid'];
foreach ($form_state['values']['translations'] as $key => $value) {
- $translation = db_result(db_query("SELECT translation FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $key));
+ $translation = db_result(db_query("SELECT translation FROM {locales_target} WHERE lid = ? AND language = ?", $lid, $key));
if (!empty($value)) {
// Only update or insert if we have a value to use.
if (!empty($translation)) {
- db_query("UPDATE {locales_target} SET translation = '%s' WHERE lid = %d AND language = '%s'", $value, $lid, $key);
+ db_query("UPDATE {locales_target} SET translation = ? WHERE lid = ? AND language = ?", $value, $lid, $key);
}
else {
- db_query("INSERT INTO {locales_target} (lid, translation, language) VALUES (%d, '%s', '%s')", $lid, $value, $key);
+ db_query("INSERT INTO {locales_target} (lid, translation, language) VALUES (?, ?, ?)", $lid, $value, $key);
}
}
elseif (!empty($translation)) {
// Empty translation entered: remove existing entry from database.
- db_query("DELETE FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $key);
+ db_query("DELETE FROM {locales_target} WHERE lid = ? AND language = ?", $lid, $key);
}
// Refresh the JS file for this language.
@@ -858,9 +858,9 @@
* Delete a language string.
*/
function locale_translate_delete($lid) {
- $langcode = db_result(db_query('SELECT language FROM {locales_target} WHERE lid = %d', $lid));
- db_query('DELETE FROM {locales_source} WHERE lid = %d', $lid);
- db_query('DELETE FROM {locales_target} WHERE lid = %d', $lid);
+ $langcode = db_result(db_query('SELECT language FROM {locales_target} WHERE lid = ?', $lid));
+ db_query('DELETE FROM {locales_source} WHERE lid = ?', $lid);
+ db_query('DELETE FROM {locales_target} WHERE lid = ?', $lid);
if ($langcode) {
_locale_rebuild_js($langcode);
}
@@ -913,7 +913,7 @@
$direction = isset($predefined[$langcode][2]) ? $predefined[$langcode][2] : LANGUAGE_LTR;
}
- db_query("INSERT INTO {languages} (language, name, native, direction, domain, prefix, enabled) VALUES ('%s', '%s', '%s', %d, '%s', '%s', %d)", $langcode, $name, $native, $direction, $domain, $prefix, $enabled);
+ db_query("INSERT INTO {languages} (language, name, native, direction, domain, prefix, enabled) VALUES (?, ?, ?, ?, ?, ?, ?)", $langcode, $name, $native, $direction, $domain, $prefix, $enabled);
// Only set it as default if enabled.
if ($enabled && $default) {
@@ -955,7 +955,7 @@
}
// Check if we have the language already in the database.
- if (!db_fetch_object(db_query("SELECT language FROM {languages} WHERE language = '%s'", $langcode))) {
+ if (!db_fetch_object(db_query("SELECT language FROM {languages} WHERE language = ?", $langcode))) {
drupal_set_message(t('The language selected for import is not supported.'), 'error');
return FALSE;
}
@@ -1195,10 +1195,10 @@
// Get the plural formula and update in database.
if (isset($header["Plural-Forms"]) && $p = _locale_import_parse_plural_forms($header["Plural-Forms"], $file->filename)) {
list($nplurals, $plural) = $p;
- db_query("UPDATE {languages} SET plurals = %d, formula = '%s' WHERE language = '%s'", $nplurals, $plural, $lang);
+ db_query("UPDATE {languages} SET plurals = ?, formula = ? WHERE language = ?", $nplurals, $plural, $lang);
}
else {
- db_query("UPDATE {languages} SET plurals = %d, formula = '%s' WHERE language = '%s'", 0, '', $lang);
+ db_query("UPDATE {languages} SET plurals = ?, formula = ? WHERE language = ?", 0, '', $lang);
}
$headerdone = TRUE;
}
@@ -1260,35 +1260,35 @@
* The string ID of the existing string modified or the new string added.
*/
function _locale_import_one_string_db(&$report, $langcode, $source, $translation, $textgroup, $location, $mode, $plid = NULL, $plural = NULL) {
- $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup));
+ $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = ? AND textgroup = ?", $source, $textgroup));
if (!empty($translation)) {
if ($lid) {
// We have this source string saved already.
- db_query("UPDATE {locales_source} SET location = '%s' WHERE lid = %d", $location, $lid);
- $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $langcode));
+ db_query("UPDATE {locales_source} SET location = ? WHERE lid = ?", $location, $lid);
+ $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = ? AND language = ?", $lid, $langcode));
if (!$exists) {
// No translation in this language.
- db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural);
+ db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (?, ?, ?, ?, ?)", $lid, $langcode, $translation, $plid, $plural);
$report[0]++;
}
else if ($mode == LOCALE_IMPORT_OVERWRITE) {
// Translation exists, only overwrite if instructed.
- db_query("UPDATE {locales_target} SET translation = '%s', plid = %d, plural = %d WHERE language = '%s' AND lid = %d", $translation, $plid, $plural, $langcode, $lid);
+ db_query("UPDATE {locales_target} SET translation = ?, plid = ?, plural = ? WHERE language = ? AND lid = ?", $translation, $plid, $plural, $langcode, $lid);
$report[1]++;
}
}
else {
// No such source string in the database yet.
- db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', '%s')", $location, $source, $textgroup);
- $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup));
- db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES (?, ?, ?)", $location, $source, $textgroup);
+ $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = ? AND textgroup = ?", $source, $textgroup));
+ db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (?, ?, ?, ?, ?)", $lid, $langcode, $translation, $plid, $plural);
$report[0]++;
}
}
elseif ($mode == LOCALE_IMPORT_OVERWRITE) {
// Empty translation, remove existing if instructed.
- db_query("DELETE FROM {locales_target} WHERE language = '%s' AND lid = %d AND plid = %d AND plural = %d", $translation, $langcode, $lid, $plid, $plural);
+ db_query("DELETE FROM {locales_target} WHERE language = ? AND lid = ? AND plid = ? AND plural = ?", $translation, $langcode, $lid, $plid, $plural);
$report[2]++;
}
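Review bot: The `DELETE FROM {locales_target}` in the `LOCALE_IMPORT_OVERWRITE` branch passes five arguments (`$translation, $langcode, $lid, $plid, $plural`) for four `?` placeholders. `$translation` is therefore bound to `language`, `$langcode` to `lid`, and so on. The removed line had the same mismatch, so the conversion carries an existing defect forward. Depending on how the new layer treats an argument-count mismatch, it may now fail outright instead of silently deleting nothing. Drop the first argument: `db_query("DELETE FROM {locales_target} WHERE language = ? AND lid = ? AND plid = ? AND plural = ?", $langcode, $lid, $plid, $plural);`. The function body may continue past the end of this hunk.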
@@ -1664,7 +1664,7 @@
// Remove the quotes and string concatenations from the string.
$string = implode('', preg_split('~(?lid);
+ db_query("UPDATE {locales_source} SET location = ? WHERE lid = ?", $locations, $source->lid);
}
}
else {
// We don't have the source string yet, thus we insert it into the database.
- db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', 'default')", $filepath, $string);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES (?, ?, 'default')", $filepath, $string);
}
}
}
@@ -1704,10 +1704,10 @@
*/
function _locale_export_get_strings($language = NULL, $group = 'default') {
if (isset($language)) {
- $result = db_query("SELECT s.lid, s.source, s.location, t.translation, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.textgroup = '%s' ORDER BY t.plid, t.plural", $language->language, $group);
+ $result = db_query("SELECT s.lid, s.source, s.location, t.translation, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = ? WHERE s.textgroup = ? ORDER BY t.plid, t.plural", $language->language, $group);
}
else {
- $result = db_query("SELECT s.lid, s.source, s.location, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid WHERE s.textgroup = '%s' ORDER BY t.plid, t.plural", $group);
+ $result = db_query("SELECT s.lid, s.source, s.location, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid WHERE s.textgroup = ? ORDER BY t.plid, t.plural", $group);
}
$strings = array();
while ($child = db_fetch_object($result)) {
@@ -1961,7 +1961,7 @@
}
$grouplimit = '';
if (!empty($query['group']) && $query['group'] != 'all') {
- $grouplimit = " AND s.textgroup = '%s'";
+ $grouplimit = " AND s.textgroup = ?";
$arguments[] = $query['group'];
}
@@ -1980,7 +1980,7 @@
break;
// Some different language
default:
- $sql = "$join AND t.language = '%s' $where $grouplimit $orderby";
+ $sql = "$join AND t.language = ? $where $grouplimit $orderby";
array_unshift($arguments, $query['language']);
// Don't show translation flags for other languages, we can't see them with this search.
$limit_language = $query['language'];
@@ -2057,7 +2057,7 @@
// Construct the array for JavaScript translations.
// We sort on plural so that we have all plural forms before singular forms.
- $result = db_query("SELECT s.lid, s.source, t.plid, t.plural, t.translation FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.location LIKE '%%.js%%' AND s.textgroup = 'default' ORDER BY t.plural DESC", $language->language);
+ $result = db_query("SELECT s.lid, s.source, t.plid, t.plural, t.translation FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = ? WHERE s.location LIKE '%%.js%%' AND s.textgroup = 'default' ORDER BY t.plural DESC", $language->language);
$translations = $plurals = array();
while ($data = db_fetch_object($result)) {
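Review bot: `s.location LIKE '%%.js%%'` keeps the doubled percent signs that the printf-style placeholders needed in order to emit a literal `%`. If the `?`-based `db_query()` no longer passes the statement through printf-style formatting (not visible in this hunk), the database receives `%%.js%%`. That matches the same rows, but it reads as an escape that no longer exists. Once the behaviour is confirmed, either write `s.location LIKE '%.js%'` or add a comment saying why the doubling stays.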
@@ -2124,14 +2124,14 @@
$language->javascript = $filepath ? $data_hash : '';
// Save the new JavaScript hash.
- db_query("UPDATE {languages} SET javascript = '%s' WHERE language = '%s'", $language->javascript, $language->language);
+ db_query("UPDATE {languages} SET javascript = ? WHERE language = ?", $language->javascript, $language->language);
// Update the default language variable if the default language has been altered.
// This is necessary to keep the variable consistent with the database
// version of the language and to prevent checking against an outdated hash.
$default_langcode = language_default('language');
if ($default_langcode == $language->language) {
- $default = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = '%s'", $default_langcode));
+ $default = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = ?", $default_langcode));
variable_set('language_default', $default);
}
@@ -2156,7 +2156,7 @@
elseif (!empty($language->javascript)) {
// Delete the old JavaScript file
file_delete(file_create_path(variable_get('locale_js_directory', 'languages') .'/'. $language->language .'_'. $language->javascript .'.js'));
- db_query("UPDATE {languages} SET javascript = '' WHERE language = '%s'", $language->language);
+ db_query("UPDATE {languages} SET javascript = '' WHERE language = ?", $language->language);
watchdog('locale', 'Deleted JavaScript translation file for the locale %language.', array('%language' => t($language->name)));
}
}
Index: includes/install.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/install.inc,v
retrieving revision 1.48
diff -u -r1.48 install.inc
--- includes/install.inc 7 Sep 2007 10:48:24 -0000 1.48
+++ includes/install.inc 5 Oct 2007 07:23:44 -0000
@@ -70,7 +70,7 @@
if (!$versions) {
$versions = array();
- $result = db_query("SELECT name, schema_version FROM {system} WHERE type = '%s'", 'module');
+ $result = db_query("SELECT name, schema_version FROM {system} WHERE type = ?", 'module');
while ($row = db_fetch_object($result)) {
$versions[$row->name] = $row->schema_version;
}
@@ -88,7 +88,7 @@
* The new schema version.
*/
function drupal_set_installed_schema_version($module, $version) {
- db_query("UPDATE {system} SET schema_version = %d WHERE name = '%s'", $version, $module);
+ db_query("UPDATE {system} SET schema_version = ? WHERE name = ?", $version, $module);
}
/**
@@ -144,7 +144,7 @@
function drupal_detect_database_types() {
$databases = array();
- foreach (array('mysql', 'mysqli', 'pgsql') as $type) {
+ foreach (array('mysql', 'pgsql') as $type) {
if (file_exists('./includes/install.'. $type .'.inc')) {
include_once './includes/install.'. $type .'.inc';
$function = $type .'_is_available';
@@ -312,7 +312,7 @@
module_invoke('system', 'install');
$system_versions = drupal_get_schema_versions('system');
$system_version = $system_versions ? max($system_versions) : SCHEMA_INSTALLED;
- db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES('%s', '%s', '%s', '%s', %d, %d, %d, %d)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version);
+ db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES(?, ?, ?, ?, ?, ?, ?, ?)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version);
// Now that we've installed things properly, bootstrap the full Drupal environment
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
@@ -369,7 +369,7 @@
}
$paths[$index] = implode('/', $parts);
}
- $placeholders = implode(', ', array_fill(0, count($paths), "'%s'"));
+ $placeholders = implode(', ', array_fill(0, count($paths), '?'));
$result = db_query('SELECT * FROM {menu_links} WHERE router_path IN ('. $placeholders .') AND external = 0 ORDER BY depth DESC', $paths);
// Remove all such items. Starting from those with the greatest depth will
Index: includes/database.mysql-common.inc
===================================================================
RCS file: includes/database.mysql-common.inc
diff -N includes/database.mysql-common.inc
--- includes/database.mysql-common.inc 2 Oct 2007 16:15:56 -0000 1.13
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,532 +0,0 @@
- $field) {
- $sql .= _db_create_field_sql($field_name, _db_process_field($field)) .", \n";
- }
-
- // Process keys & indexes.
- $keys = _db_create_keys_sql($table);
- if (count($keys)) {
- $sql .= implode(", \n", $keys) .", \n";
- }
-
- // Remove the last comma and space.
- $sql = substr($sql, 0, -3) ."\n) ";
-
- $sql .= $table['mysql_suffix'];
-
- return array($sql);
-}
-
-function _db_create_keys_sql($spec) {
- $keys = array();
-
- if (!empty($spec['primary key'])) {
- $keys[] = 'PRIMARY KEY ('. _db_create_key_sql($spec['primary key']) .')';
- }
- if (!empty($spec['unique keys'])) {
- foreach ($spec['unique keys'] as $key => $fields) {
- $keys[] = 'UNIQUE KEY '. $key .' ('. _db_create_key_sql($fields) .')';
- }
- }
- if (!empty($spec['indexes'])) {
- foreach ($spec['indexes'] as $index => $fields) {
- $keys[] = 'INDEX '. $index .' ('. _db_create_key_sql($fields) .')';
- }
- }
-
- return $keys;
-}
-
-function _db_create_key_sql($fields) {
- $ret = array();
- foreach ($fields as $field) {
- if (is_array($field)) {
- $ret[] = $field[0] .'('. $field[1] .')';
- }
- else {
- $ret[] = $field;
- }
- }
- return implode(', ', $ret);
-}
-
-/**
- * Set database-engine specific properties for a field.
- *
- * @param $field
- * A field description array, as specified in the schema documentation.
- */
-function _db_process_field($field) {
-
- if (!isset($field['size'])) {
- $field['size'] = 'normal';
- }
-
- // Set the correct database-engine specific datatype.
- if (!isset($field['mysql_type'])) {
- $map = db_type_map();
- $field['mysql_type'] = $map[$field['type'] .':'. $field['size']];
- }
-
- if ($field['type'] == 'serial') {
- $field['auto_increment'] = TRUE;
- }
-
- return $field;
-}
-
-/**
- * Create an SQL string for a field to be used in table creation or alteration.
- *
- * Before passing a field out of a schema definition into this function it has
- * to be processed by _db_process_field().
- *
- * @param $name
- * Name of the field.
- * @param $spec
- * The field specification, as per the schema data structure format.
- */
-function _db_create_field_sql($name, $spec) {
- $sql = "`". $name ."` ". $spec['mysql_type'];
-
- if (isset($spec['length'])) {
- $sql .= '('. $spec['length'] .')';
- }
- elseif (isset($spec['precision']) && isset($spec['scale'])) {
- $sql .= '('. $spec['scale'] .', '. $spec['precision'] .')';
- }
-
- if (!empty($spec['unsigned'])) {
- $sql .= ' unsigned';
- }
-
- if (!empty($spec['not null'])) {
- $sql .= ' NOT NULL';
- }
-
- if (!empty($spec['auto_increment'])) {
- $sql .= ' auto_increment';
- }
-
- if (isset($spec['default'])) {
- if (is_string($spec['default'])) {
- $spec['default'] = "'". $spec['default'] ."'";
- }
- $sql .= ' DEFAULT '. $spec['default'];
- }
-
- if (empty($spec['not null']) && !isset($spec['default'])) {
- $sql .= ' DEFAULT NULL';
- }
-
- return $sql;
-}
-
-/**
- * This maps a generic data type in combination with its data size
- * to the engine-specific data type.
- */
-function db_type_map() {
- // Put :normal last so it gets preserved by array_flip. This makes
- // it much easier for modules (such as schema.module) to map
- // database types back into schema types.
- $map = array(
- 'varchar:normal' => 'VARCHAR',
-
- 'text:tiny' => 'SMALLTEXT',
- 'text:small' => 'SMALLTEXT',
- 'text:medium' => 'MEDIUMTEXT',
- 'text:big' => 'LONGTEXT',
- 'text:normal' => 'TEXT',
-
- 'serial:tiny' => 'TINYINT',
- 'serial:small' => 'SMALLINT',
- 'serial:medium' => 'MEDIUMINT',
- 'serial:big' => 'BIGINT',
- 'serial:normal' => 'INT',
-
- 'int:tiny' => 'TINYINT',
- 'int:small' => 'SMALLINT',
- 'int:medium' => 'MEDIUMINT',
- 'int:big' => 'BIGINT',
- 'int:normal' => 'INT',
-
- 'float:tiny' => 'FLOAT',
- 'float:small' => 'FLOAT',
- 'float:medium' => 'FLOAT',
- 'float:big' => 'DOUBLE',
- 'float:normal' => 'FLOAT',
-
- 'numeric:normal' => 'NUMERIC',
-
- 'blob:big' => 'LONGBLOB',
- 'blob:normal' => 'BLOB',
-
- 'datetime:normal' => 'DATETIME',
- );
- return $map;
-}
-
-/**
- * Rename a table.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be renamed.
- * @param $new_name
- * The new name for the table.
- */
-function db_rename_table(&$ret, $table, $new_name) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} RENAME TO {'. $new_name .'}');
-}
-
-/**
- * Drop a table.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be dropped.
- */
-function db_drop_table(&$ret, $table) {
- $ret[] = update_sql('DROP TABLE {'. $table .'}');
-}
-
-/**
- * Add a new field to a table.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * Name of the table to be altered.
- * @param $field
- * Name of the field to be added.
- * @param $spec
- * The field specification array, as taken from a schema definition.
- * The specification may also contain the key 'initial', the newly
- * created field will be set to the value of the key in all rows.
- * This is most useful for creating NOT NULL columns with no default
- * value in existing tables.
- * @param $keys_new
- * Optional keys and indexes specification to be created on the
- * table along with adding the field. The format is the same as a
- * table specification but without the 'fields' element. If you are
- * adding a type 'serial' field, you MUST specify at least one key
- * or index including it in this array. @see db_change_field for more
- * explanation why.
- */
-function db_add_field(&$ret, $table, $field, $spec, $keys_new = array()) {
- $fixnull = FALSE;
- if (!empty($spec['not null']) && !isset($spec['default'])) {
- $fixnull = TRUE;
- $spec['not null'] = FALSE;
- }
- $query = 'ALTER TABLE {'. $table .'} ADD ';
- $query .= _db_create_field_sql($field, _db_process_field($spec));
- if (count($keys_new)) {
- $query .= ', ADD '. implode(', ADD ', _db_create_keys_sql($keys_new));
- }
- $ret[] = update_sql($query);
- if (isset($spec['initial'])) {
- // All this because update_sql does not support %-placeholders.
- $sql = 'UPDATE {'. $table .'} SET '. $field .' = '. db_type_placeholder($spec['type']);
- $result = db_query($sql, $spec['initial']);
- $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql .' ('. $spec['initial'] .')'));
- }
- if ($fixnull) {
- $spec['not null'] = TRUE;
- db_change_field($ret, $table, $field, $field, $spec);
- }
-}
-
-/**
- * Drop a field.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $field
- * The field to be dropped.
- */
-function db_drop_field(&$ret, $table, $field) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP '. $field);
-}
-
-/**
- * Set the default value for a field.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $field
- * The field to be altered.
- * @param $default
- * Default value to be set. NULL for 'default NULL'.
- */
-function db_field_set_default(&$ret, $table, $field, $default) {
- if ($default == NULL) {
- $default = 'NULL';
- }
- else {
- $default = is_string($default) ? "'$default'" : $default;
- }
-
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ALTER COLUMN '. $field .' SET DEFAULT '. $default);
-}
-
-/**
- * Set a field to have no default value.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $field
- * The field to be altered.
- */
-function db_field_set_no_default(&$ret, $table, $field) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ALTER COLUMN '. $field .' DROP DEFAULT');
-}
-
-/**
- * Add a primary key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $fields
- * Fields for the primary key.
- */
-function db_add_primary_key(&$ret, $table, $fields) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ADD PRIMARY KEY ('.
- _db_create_key_sql($fields) .')');
-}
-
-/**
- * Drop the primary key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- */
-function db_drop_primary_key(&$ret, $table) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP PRIMARY KEY');
-}
-
-/**
- * Add a unique key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the key.
- * @param $fields
- * An array of field names.
- */
-function db_add_unique_key(&$ret, $table, $name, $fields) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ADD UNIQUE KEY '.
- $name .' ('. _db_create_key_sql($fields) .')');
-}
-
-/**
- * Drop a unique key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the key.
- */
-function db_drop_unique_key(&$ret, $table, $name) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP KEY '. $name);
-}
-
-/**
- * Add an index.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the index.
- * @param $fields
- * An array of field names.
- */
-function db_add_index(&$ret, $table, $name, $fields) {
- $query = 'ALTER TABLE {'. $table .'} ADD INDEX '. $name .' ('. _db_create_key_sql($fields) .')';
- $ret[] = update_sql($query);
-}
-
-/**
- * Drop an index.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the index.
- */
-function db_drop_index(&$ret, $table, $name) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP INDEX '. $name);
-}
-
-/**
- * Change a field definition.
- *
- * IMPORTANT NOTE: To maintain database portability, you have to explicitly
- * recreate all indices and primary keys that are using the changed field.
- *
- * That means that you have to drop all affected keys and indexes with
- * db_drop_{primary_key,unique_key,index}() before calling db_change_field().
- * To recreate the keys and indices, pass the key definitions as the
- * optional $keys_new argument directly to db_change_field().
- *
- * For example, suppose you have:
- * @code
- * $schema['foo'] = array(
- * 'fields' => array(
- * 'bar' => array('type' => 'int', 'not null' => TRUE)
- * ),
- * 'primary key' => array('bar')
- * );
- * @endcode
- * and you want to change foo.bar to be type serial, leaving it as the
- * primary key. The correct sequence is:
- * @code
- * db_drop_primary_key($ret, 'foo');
- * db_change_field($ret, 'foo', 'bar', 'bar',
- * array('type' => 'serial', 'not null' => TRUE),
- * array('primary key' => array('bar')));
- * @endcode
- *
- * The reasons for this are due to the different database engines:
- *
- * On PostgreSQL, changing a field definition involves adding a new field
- * and dropping an old one which* causes any indices, primary keys and
- * sequences (from serial-type fields) that use the changed field to be dropped.
- *
- * On MySQL, all type 'serial' fields must be part of at least one key
- * or index as soon as they are created. You cannot use
- * db_add_{primary_key,unique_key,index}() for this purpose because
- * the ALTER TABLE command will fail to add the column without a key
- * or index specification. The solution is to use the optional
- * $keys_new argument to create the key or index at the same time as
- * field.
- *
- * You could use db_add_{primary_key,unique_key,index}() in all cases
- * unless you are converting a field to be type serial. You can use
- * the $keys_new argument in all cases.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * Name of the table.
- * @param $field
- * Name of the field to change.
- * @param $field_new
- * New name for the field (set to the same as $field if you don't want to change the name).
- * @param $spec
- * The field specification for the new field.
- * @param $keys_new
- * Optional keys and indexes specification to be created on the
- * table along with changing the field. The format is the same as a
- * table specification but without the 'fields' element.
- */
-
-function db_change_field(&$ret, $table, $field, $field_new, $spec, $keys_new = array()) {
- $sql = 'ALTER TABLE {'. $table .'} CHANGE '. $field .' '.
- _db_create_field_sql($field_new, _db_process_field($spec));
- if (count($keys_new)) {
- $sql .= ', ADD '.implode(', ADD ', _db_create_keys_sql($keys_new));
- }
- $ret[] = update_sql($sql);
-}
-
-/**
- * Returns the last insert id.
- *
- * @param $table
- * The name of the table you inserted into.
- * @param $field
- * The name of the autoincrement field.
- */
-function db_last_insert_id($table, $field) {
- return db_result(db_query('SELECT LAST_INSERT_ID()'));
-}
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.192
diff -u -r1.192 bootstrap.inc
--- includes/bootstrap.inc 10 Sep 2007 12:19:11 -0000 1.192
+++ includes/bootstrap.inc 5 Oct 2007 07:23:43 -0000
@@ -385,7 +385,7 @@
// the database. This is required because this function is called both
// before we have a database connection (i.e. during installation) and
// when a database connection fails.
- elseif ($active_db && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = '%s' AND type = '%s'", $name, $type))) && file_exists($file))) {
+ elseif ($active_db && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = ? AND type = ?", $name, $type))) && file_exists($file))) {
$files[$type][$name] = $file;
}
else {
@@ -464,9 +464,9 @@
global $conf;
$serialized_value = serialize($value);
- db_query("UPDATE {variable} SET value = '%s' WHERE name = '%s'", $serialized_value, $name);
- if (!db_affected_rows()) {
- @db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, $serialized_value);
+ $result = db_query("UPDATE {variable} SET value = ? WHERE name = ?", $serialized_value, $name);
+ if (!db_affected_rows($result)) {
+ @db_query("INSERT INTO {variable} (name, value) VALUES (?, ?)", $name, $serialized_value);
}
cache_clear_all('variables', 'cache');
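Review bot: The `if (!db_affected_rows($result))` check in this hunk depends on the row count meaning "rows matched", which the old connection guaranteed by passing client flag 2 (CLIENT_FOUND_ROWS) to mysql_connect(), a call this patch removes in database.mysql.inc. Nothing visible in the new PDO setup requests the same behaviour, so saving a variable with an unchanged value would presumably report 0 rows and fall through to the INSERT, whose duplicate-key failure is hidden by `@`; if the connection runs in exception error mode, `@` will not hide it. If the connection code outside this view does not already do so, pass `PDO::MYSQL_ATTR_FOUND_ROWS => TRUE` in the driver options, and add a comment such as `// Relies on found-rows semantics: 0 means no row with this name exists.` above the check. The body of variable_set() starts and ends outside the hunk.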
@@ -483,7 +483,7 @@
function variable_del($name) {
global $conf;
- db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
+ db_query("DELETE FROM {variable} WHERE name = ?", $name);
cache_clear_all('variables', 'cache');
unset($conf[$name]);
@@ -710,7 +710,7 @@
*
* @see watchdog_severity_levels
*/
-function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NOTICE, $link = NULL) {
+function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NOTICE, $link = 'test') {
global $user, $base_root;
// Prepare the fields to be logged
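Review bot: The new default `$link = 'test'` in the watchdog() signature looks like a debugging leftover and is unrelated to the placeholder conversion. Every caller that omits `$link` would now record the literal string 'test' as the link of its log entry, which pollutes the log that administrators rely on when investigating events. Restore `$link = NULL`; if NULL was a problem for parameter binding, that is better handled where the value is written, which is outside this hunk.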
@@ -825,7 +825,7 @@
// these, we return 1 (denied). If no matching records or only ones
// with status = 1, we get no return from db_result, so we return
// (bool)NULL = 0 (allowed).
- return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
+ return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = ? AND LOWER(?) LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
}
/**
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.388
diff -u -r1.388 theme.inc
--- includes/theme.inc 4 Oct 2007 19:24:50 -0000 1.388
+++ includes/theme.inc 5 Oct 2007 07:23:45 -0000
@@ -404,7 +404,7 @@
if (empty($list)) {
$list = array();
- $result = db_query("SELECT * FROM {system} WHERE type = '%s'", 'theme');
+ $result = db_query("SELECT * FROM {system} WHERE type = ?", 'theme');
while ($theme = db_fetch_object($result)) {
if (file_exists($theme->filename)) {
$theme->info = unserialize($theme->info);
@@ -451,7 +451,7 @@
if (!$list) {
$list = array();
- $result = db_query("SELECT * FROM {system} WHERE type = '%s' AND status = %d ORDER BY name", 'theme_engine', '1');
+ $result = db_query("SELECT * FROM {system} WHERE type = ? AND status = ? ORDER BY name", 'theme_engine', '1');
while ($engine = db_fetch_object($result)) {
if (file_exists($engine->filename)) {
$engine->info = unserialize($engine->info);
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.694
diff -u -r1.694 common.inc
--- includes/common.inc 4 Oct 2007 19:20:39 -0000 1.694
+++ includes/common.inc 5 Oct 2007 07:23:44 -0000
@@ -819,7 +819,7 @@
* The name of the event.
*/
function flood_register_event($name) {
- db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, ip_address(), time());
+ db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES (?, ?, ?)", $name, ip_address(), time());
}
/**
@@ -835,7 +835,7 @@
* True if the user did not exceed the hourly threshold. False otherwise.
*/
function flood_is_allowed($name, $threshold) {
- $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, ip_address(), time() - 3600));
+ $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = ? AND hostname = ? AND timestamp > ?", $name, ip_address(), time() - 3600));
return ($number < $threshold ? TRUE : FALSE);
}
@@ -3084,7 +3084,7 @@
// Build arrays for the fields, placeholders, and values in our query.
if (isset($object->$field)) {
$fields[] = $field;
- $placeholders[] = db_type_placeholder($info['type']);
+ $placeholders[] = '?';
if (empty($info['serialize'])) {
$values[] = $object->$field;
@@ -3111,7 +3111,7 @@
}
foreach ($update as $key){
- $conditions[] = "$key = ". db_type_placeholder($schema['fields'][$key]['type']);
+ $conditions[] = "$key = ?";
$values[] = $object->$key;
}
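Review bot: `$conditions[] = "$key = ?";` still interpolates `$key` into the SQL text, and with the `db_type_placeholder($schema['fields'][$key]['type'])` lookup gone the loop no longer consults the schema for that name at all. Column names cannot be bound, so the name should be checked against the schema before use, for example `if (!isset($schema['fields'][$key])) { return FALSE; }` at the top of the loop, assuming FALSE is how this function reports failure; aborting is safer than skipping the key, since a dropped condition would widen the UPDATE. The same loss of per-type placeholders applies to `$placeholders[] = '?';` in the hunk at -3084, where values that used to be cast by `%d` or `%f` are now bound as given. The enclosing function starts and ends outside both hunks.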
Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.42
diff -u -r1.42 session.inc
--- includes/session.inc 12 Aug 2007 15:55:35 -0000 1.42
+++ includes/session.inc 5 Oct 2007 07:23:45 -0000
@@ -29,7 +29,7 @@
}
// Otherwise, if the session is still active, we have a record of the client's session in the database.
- $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
+ $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = ?", $key));
// We found the client's session record and they are an authenticated user
if ($user && $user->uid > 0) {
@@ -39,7 +39,7 @@
// Add roles element to $user
$user->roles = array();
$user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
- $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);
+ $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = ?", $user->uid);
while ($role = db_fetch_object($result)) {
$user->roles[$role->rid] = $role->name;
}
@@ -61,7 +61,7 @@
return TRUE;
}
- $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = '%s'", $key));
+ $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = ?", $key));
if (!$result) {
// Only save session data when when the browser sends a cookie. This keeps
@@ -69,16 +69,16 @@
// and gives more useful statistics. We can't eliminate anonymous session
// table rows without breaking throttle module and "Who's Online" block.
if ($user->uid || $value || count($_COOKIE)) {
- db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
+ db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES (?, ?, ?, ?, ?, ?)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
}
}
else {
- db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key);
+ db_query("UPDATE {sessions} SET uid = ?, cache = ?, hostname = ?, session = ?, timestamp = ? WHERE sid = ?", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key);
// Last access time is updated no more frequently than once every 180 seconds.
// This reduces contention in the users table.
if ($user->uid && time() - $user->access > variable_get('session_write_interval', 180)) {
- db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid);
+ db_query("UPDATE {users} SET access = ? WHERE uid = ?", time(), $user->uid);
}
}
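Review bot: Both the INSERT and the UPDATE in this hunk bind `isset($user->cache) ? $user->cache : ''` to the `cache` column, where the old `%d` placeholder turned the empty-string fallback into 0. Bound as a parameter, the empty string reaches the server as given, and a MySQL server in strict SQL mode rejects '' for an integer column, which would make the session write fail for users without a `cache` value. The column type is not visible here, but the former `%d` suggests an integer. Use `isset($user->cache) ? $user->cache : 0` in both calls; the function these statements belong to starts outside the hunk.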
@@ -102,7 +102,7 @@
session_regenerate_id();
- db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+ db_query("UPDATE {sessions} SET sid = ? WHERE sid = ?", session_id(), $old_session_id);
}
/**
@@ -120,7 +120,7 @@
*/
function sess_count($timestamp = 0, $anonymous = true) {
$query = $anonymous ? ' AND uid = 0' : ' AND uid > 0';
- return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $timestamp));
+ return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= ?'. $query, $timestamp));
}
/**
@@ -130,7 +130,7 @@
* the session id
*/
function sess_destroy_sid($sid) {
- db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
+ db_query("DELETE FROM {sessions} WHERE sid = ?", $sid);
}
/**
@@ -140,7 +140,7 @@
* the user id
*/
function sess_destroy_uid($uid) {
- db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
+ db_query('DELETE FROM {sessions} WHERE uid = ?', $uid);
}
function sess_gc($lifetime) {
@@ -149,7 +149,7 @@
// for three weeks before deleting them, you need to set gc_maxlifetime
// to '1814400'. At that value, only after a user doesn't log in after
// three weeks (1814400 seconds) will his/her session be removed.
- db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime);
+ db_query("DELETE FROM {sessions} WHERE timestamp < ?", time() - $lifetime);
return TRUE;
}
Index: includes/database.mysql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysql.inc,v
retrieving revision 1.79
diff -u -r1.79 database.mysql.inc
--- includes/database.mysql.inc 29 Aug 2007 18:38:55 -0000 1.79
+++ includes/database.mysql.inc 5 Oct 2007 07:23:44 -0000
@@ -1,5 +1,5 @@
We were unable to use the MySQL database because the MySQL extension for PHP is not installed. Check your PHP.ini to see how you can enable it.
+ drupal_set_title('PDO MySQL support not enabled');
+ print theme('maintenance_page', 'We were unable to use the MySQL database because the MySQL driver is not available. Check your PHP.ini to see how you can enable it.
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
+ $url = parse_url($url);
+
// Decode url-encoded information in the db connection string
$url['user'] = urldecode($url['user']);
// Test if database url has a password.
@@ -72,42 +59,37 @@
$url['host'] = urldecode($url['host']);
$url['path'] = urldecode($url['path']);
- // Allow for non-standard MySQL port.
- if (isset($url['port'])) {
- $url['host'] = $url['host'] .':'. $url['port'];
- }
+ $dsn = 'mysql:host='. $url['host'] .';dbname='. substr($url['path'], 1);
- // - TRUE makes mysql_connect() always open a new link, even if
- // mysql_connect() was called before with the same parameters.
- // This is important if you are using two databases on the same
- // server.
- // - 2 means CLIENT_FOUND_ROWS: return the number of found
- // (matched) rows, not the number of affected rows.
- $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2);
- if (!$connection) {
- // Show error screen otherwise
+ return array($dsn, $url['user'], $url['pass']);
+}
+
+/**
+ * Initialise a database connection.
+ */
+function db_connection_error($code, $message) {
+ // Find all database connection errors and error 1045 for access denied for user account
+ if ($code >= 2000 || $code == 1045) {
drupal_maintenance_theme();
drupal_set_header('HTTP/1.1 503 Service Unavailable');
drupal_set_title('Unable to connect to database server');
print theme('maintenance_page', 'If you still have to install Drupal, proceed to the installation page.
If you have already finished installed Drupal, this either means that the username and password information in your settings.php file is incorrect or that we can\'t connect to the MySQL database server. This could mean your hosting provider\'s database server is down.
-The MySQL error was: '. theme('placeholder', mysql_error()) .'.
-Currently, the username is '. theme('placeholder', $url['user']) .' and the database server is '. theme('placeholder', $url['host']) .'.
+The MySQL error was: '. theme('placeholder', $message) .'.
- Are you sure you have the correct username and password?
- Are you sure that you have typed the correct hostname?
- Are you sure that the database server is running?
+ - Are you sure that the mysqli libraries are compiled in your PHP installation? Try using the mysql library instead by editing your
settings.php configuration file in Drupal.
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
-
- if (!mysql_select_db(substr($url['path'], 1))) {
+ else if ($code > 0) {
drupal_maintenance_theme();
drupal_set_title('Unable to select database');
print theme('maintenance_page', 'We were able to connect to the MySQL database server (which means your username and password are okay) but not able to select the database.
-The MySQL error was: '. theme('placeholder', mysql_error($connection)) .'.
-Currently, the database is '. theme('placeholder', substr($url['path'], 1)) .'. The username is '. theme('placeholder', $url['user']) .' and the database server is '. theme('placeholder', $url['host']) .'.
+The MySQL error was: '. theme('placeholder', $message) .'.
- Are you sure you have the correct database name?
- Are you sure the database exists?
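Review bot: The DSN built by `$dsn = 'mysql:host='. $url['host'] .';dbname='. substr($url['path'], 1);` no longer carries the port, because the removed "Allow for non-standard MySQL port" block has no replacement, so a database URL that names a port would be connected on the default one instead. Add `if (isset($url['port'])) { $dsn .= ';port='. $url['port']; }` before the `return`. The docblock added above db_connection_error() still reads "Initialise a database connection."; something like `Display a maintenance page for a database connection error and exit.` matches what the function does. The function that builds the DSN starts outside this hunk.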
@@ -116,117 +98,17 @@
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
-
- /* On MySQL 4.1 and later, force UTF-8 */
- if (version_compare(mysql_get_server_info(), '4.1.0', '>=')) {
- mysql_query('SET NAMES "utf8"', $connection);
- }
- return $connection;
-}
-
-/**
- * Helper function for db_query().
- */
-function _db_query($query, $debug = 0) {
- global $active_db, $queries;
-
- if (variable_get('dev_query', 0)) {
- list($usec, $sec) = explode(' ', microtime());
- $timer = (float)$usec + (float)$sec;
- }
-
- $result = mysql_query($query, $active_db);
-
- if (variable_get('dev_query', 0)) {
- $bt = debug_backtrace();
- $query = $bt[2]['function'] ."\n". $query;
- list($usec, $sec) = explode(' ', microtime());
- $stop = (float)$usec + (float)$sec;
- $diff = $stop - $timer;
- $queries[] = array($query, $diff);
- }
-
- if ($debug) {
- print 'query: '. $query .'
error:'. mysql_error($active_db) .'
';
- }
-
- if (!mysql_errno($active_db)) {
- return $result;
- }
- else {
- // Indicate to drupal_error_handler that this is a database error.
- ${DB_ERROR} = TRUE;
- trigger_error(check_plain(mysql_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
- return FALSE;
- }
-}
-
-/**
- * Fetch one result row from the previous query as an object.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An object representing the next row of the result, or FALSE. The attributes
- * of this object are the table fields selected by the query.
- */
-function db_fetch_object($result) {
- if ($result) {
- return mysql_fetch_object($result);
- }
-}
-
-/**
- * Fetch one result row from the previous query as an array.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An associative array representing the next row of the result, or FALSE.
- * The keys of this object are the names of the table fields selected by the
- * query, and the values are the field values for this result row.
- */
-function db_fetch_array($result) {
- if ($result) {
- return mysql_fetch_array($result, MYSQL_ASSOC);
- }
-}
-
-/**
- * Return an individual result field from the previous query.
- *
- * Only use this function if exactly one field is being selected; otherwise,
- * use db_fetch_object() or db_fetch_array().
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * The resulting field or FALSE.
- */
-function db_result($result) {
- if ($result && mysql_num_rows($result) > 0) {
- // The mysql_fetch_row function has an optional second parameter $row
- // but that can't be used for compatibility with Oracle, DB2, etc.
- $array = mysql_fetch_row($result);
- return $array[0];
- }
- return FALSE;
-}
-
-/**
- * Determine whether the previous query caused an error.
- */
-function db_error() {
- global $active_db;
- return mysql_errno($active_db);
}
/**
- * Determine the number of rows changed by the preceding query.
+ * Set additional paramenters when connecting to the database.
*/
-function db_affected_rows() {
- global $active_db;
- return mysql_affected_rows($active_db);
+function _db_connect($connection) {
+ // Force UTF-8.
+ $connection->exec('SET NAMES "utf8"');
+ // Enable query buffering.
+ $connection->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, TRUE);
+ //$connection->setAttribute(PDO::MYSQL_ATTR_MAX_BUFFER_SIZE, 1024);
}
/**
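Review bot: _db_connect() leaves prepared-statement emulation at the driver default, and in current PHP releases the MySQL driver emulates by default, so the `?` values converted throughout this patch would still be quoted and spliced into the SQL text on the client rather than bound by the server. `SET NAMES` also changes the connection character set without informing the client library that does that quoting. Consider adding `$connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE);` here and, where the PHP version supports it, naming the charset in the DSN instead of `exec('SET NAMES "utf8"')`. The commented-out `PDO::MYSQL_ATTR_MAX_BUFFER_SIZE` line should be dropped or explained, and "paramenters" in the docblock is a typo.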
@@ -267,10 +149,8 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
$query .= ' LIMIT '. (int)$from .', '. (int)$count;
- return _db_query($query);
+ return _db_query($query, $args);
}
/**
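Review bot: The docblocks of db_query_range() and db_query() (hunk at -314) are not updated for the new contract: with `_db_query_callback` and the `preg_replace_callback(DB_QUERY_REGEXP, …)` pass removed, a query string that still uses `%d` or `'%s'` is handed to `_db_query($query, $args)` unchanged. Any caller not converted by this patch would then fail at execution with a placeholder mismatch rather than at a clear check. State the rule in both docblocks, for example `Only ? placeholders are supported; %d, %s, %f and %b are no longer rewritten.`, and consider having `_db_query()` reject strings that still contain the old markers. The db_query() hunk also removes db_escape_string() and db_encode_blob(), and whether replacements exist elsewhere is not visible from here; both function bodies start outside their hunks.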
@@ -314,42 +194,7 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- return _db_query($query);
-}
-
-/**
- * Returns a properly formatted Binary Large OBject value.
- *
- * @param $data
- * Data to encode.
- * @return
- * Encoded data.
- */
-function db_encode_blob($data) {
- global $active_db;
- return "'". mysql_real_escape_string($data, $active_db) ."'";
-}
-
-/**
- * Returns text from a Binary Large Object value.
- *
- * @param $data
- * Data to decode.
- * @return
- * Decoded data.
- */
-function db_decode_blob($data) {
- return $data;
-}
-
-/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- */
-function db_escape_string($text) {
- global $active_db;
- return mysql_real_escape_string($text, $active_db);
+ return _db_query($query, $args);
}
/**
@@ -400,3 +245,492 @@
/**
* @} End of "ingroup database".
*/
+
+/**
+ * @ingroup schemaapi
+ * @{
+ */
+
+/**
+ * Generate SQL to create a new table from a Drupal schema definition.
+ *
+ * @param $name
+ * The name of the table to create.
+ * @param $table
+ * A Schema API table definition array.
+ * @return
+ * An array of SQL statements to create the table.
+ */
+function db_create_table_sql($name, $table) {
+
+ if (empty($table['mysql_suffix'])) {
+ $table['mysql_suffix'] = "/*!40100 DEFAULT CHARACTER SET UTF8 */";
+ }
+
+ $sql = "CREATE TABLE {". $name ."} (\n";
+
+ // Add the SQL statement for each field.
+ foreach ($table['fields'] as $field_name => $field) {
+ $sql .= _db_create_field_sql($field_name, _db_process_field($field)) .", \n";
+ }
+
+ // Process keys & indexes.
+ $keys = _db_create_keys_sql($table);
+ if (count($keys)) {
+ $sql .= implode(", \n", $keys) .", \n";
+ }
+
+ // Remove the last comma and space.
+ $sql = substr($sql, 0, -3) ."\n) ";
+
+ $sql .= $table['mysql_suffix'];
+
+ return array($sql);
+}
+
+function _db_create_keys_sql($spec) {
+ $keys = array();
+
+ if (!empty($spec['primary key'])) {
+ $keys[] = 'PRIMARY KEY ('. _db_create_key_sql($spec['primary key']) .')';
+ }
+ if (!empty($spec['unique keys'])) {
+ foreach ($spec['unique keys'] as $key => $fields) {
+ $keys[] = 'UNIQUE KEY '. $key .' ('. _db_create_key_sql($fields) .')';
+ }
+ }
+ if (!empty($spec['indexes'])) {
+ foreach ($spec['indexes'] as $index => $fields) {
+ $keys[] = 'INDEX '. $index .' ('. _db_create_key_sql($fields) .')';
+ }
+ }
+
+ return $keys;
+}
+
+function _db_create_key_sql($fields) {
+ $ret = array();
+ foreach ($fields as $field) {
+ if (is_array($field)) {
+ $ret[] = $field[0] .'('. $field[1] .')';
+ }
+ else {
+ $ret[] = $field;
+ }
+ }
+ return implode(', ', $ret);
+}
+
+/**
+ * Set database-engine specific properties for a field.
+ *
+ * @param $field
+ * A field description array, as specified in the schema documentation.
+ */
+function _db_process_field($field) {
+
+ if (!isset($field['size'])) {
+ $field['size'] = 'normal';
+ }
+
+ // Set the correct database-engine specific datatype.
+ if (!isset($field['mysql_type'])) {
+ $map = db_type_map();
+ $field['mysql_type'] = $map[$field['type'] .':'. $field['size']];
+ }
+
+ if ($field['type'] == 'serial') {
+ $field['auto_increment'] = TRUE;
+ }
+
+ return $field;
+}
+
+/**
+ * Create an SQL string for a field to be used in table creation or alteration.
+ *
+ * Before passing a field out of a schema definition into this function it has
+ * to be processed by _db_process_field().
+ *
+ * @param $name
+ * Name of the field.
+ * @param $spec
+ * The field specification, as per the schema data structure format.
+ */
+function _db_create_field_sql($name, $spec) {
+ $sql = "`". $name ."` ". $spec['mysql_type'];
+
+ if (isset($spec['length'])) {
+ $sql .= '('. $spec['length'] .')';
+ }
+ elseif (isset($spec['precision']) && isset($spec['scale'])) {
+ $sql .= '('. $spec['scale'] .', '. $spec['precision'] .')';
+ }
+
+ if (!empty($spec['unsigned'])) {
+ $sql .= ' unsigned';
+ }
+
+ if (!empty($spec['not null'])) {
+ $sql .= ' NOT NULL';
+ }
+
+ if (!empty($spec['auto_increment'])) {
+ $sql .= ' auto_increment';
+ }
+
+ if (isset($spec['default'])) {
+ if (is_string($spec['default'])) {
+ $spec['default'] = "'". $spec['default'] ."'";
+ }
+ $sql .= ' DEFAULT '. $spec['default'];
+ }
+
+ if (empty($spec['not null']) && !isset($spec['default'])) {
+ $sql .= ' DEFAULT NULL';
+ }
+
+ return $sql;
+}
+
+/**
+ * This maps a generic data type in combination with its data size
+ * to the engine-specific data type.
+ */
+function db_type_map() {
+ // Put :normal last so it gets preserved by array_flip. This makes
+ // it much easier for modules (such as schema.module) to map
+ // database types back into schema types.
+ $map = array(
+ 'varchar:normal' => 'VARCHAR',
+
+ 'text:tiny' => 'SMALLTEXT',
+ 'text:small' => 'SMALLTEXT',
+ 'text:medium' => 'MEDIUMTEXT',
+ 'text:big' => 'LONGTEXT',
+ 'text:normal' => 'TEXT',
+
+ 'serial:tiny' => 'TINYINT',
+ 'serial:small' => 'SMALLINT',
+ 'serial:medium' => 'MEDIUMINT',
+ 'serial:big' => 'BIGINT',
+ 'serial:normal' => 'INT',
+
+ 'int:tiny' => 'TINYINT',
+ 'int:small' => 'SMALLINT',
+ 'int:medium' => 'MEDIUMINT',
+ 'int:big' => 'BIGINT',
+ 'int:normal' => 'INT',
+
+ 'float:tiny' => 'FLOAT',
+ 'float:small' => 'FLOAT',
+ 'float:medium' => 'FLOAT',
+ 'float:big' => 'DOUBLE',
+ 'float:normal' => 'FLO