Index: modules/blog/blog.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 blog.pages.inc
--- modules/blog/blog.pages.inc 22 Jul 2007 06:48:25 -0000 1.1
+++ modules/blog/blog.pages.inc 5 Oct 2007 07:23:46 -0000
@@ -31,7 +31,7 @@
$output = '';
}
- $result = pager_query(db_rewrite_sql("SELECT n.nid, n.sticky, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1 ORDER BY n.sticky DESC, n.created DESC"), variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
+ $result = pager_query(db_rewrite_sql("SELECT n.nid, n.sticky, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = ? AND n.status = 1 ORDER BY n.sticky DESC, n.created DESC"), variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load($node->nid), 1);
}
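Review bot: Replacing `%d` with `?` in `n.uid = ?` drops the integer cast that the old placeholder applied to its argument, so the value now reaches the database layer in whatever type the caller supplied. That matters most where the argument looks request-derived, such as `$uid` in the feed query of the next hunk and `$cid` in the `comment_edit()` and `comment_delete()` menu callbacks in comment.module. Unless the new `db_query()` in includes/database.inc binds these with an explicit integer type (its body is not visible here), I would cast at the call site, e.g. `(int) $uid`, or reject non-numeric input before the query. The enclosing function starts and ends outside the hunk.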
@@ -77,7 +77,7 @@
$account = $user;
}
- $result = db_query_range(db_rewrite_sql("SELECT n.nid, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1 ORDER BY n.created DESC"), $uid, 0, variable_get('feed_default_items', 10));
+ $result = db_query_range(db_rewrite_sql("SELECT n.nid, n.created FROM {node} n WHERE n.type = 'blog' AND n.uid = ? AND n.status = 1 ORDER BY n.created DESC"), $uid, 0, variable_get('feed_default_items', 10));
$channel['title'] = $account->name ."'s blog";
$channel['link'] = url("blog/$uid", array('absolute' => TRUE));
Index: modules/blog/blog.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v
retrieving revision 1.285
diff -u -r1.285 blog.module
--- modules/blog/blog.module 12 Aug 2007 15:55:35 -0000 1.285
+++ modules/blog/blog.module 5 Oct 2007 07:23:46 -0000
@@ -90,7 +90,7 @@
$node->body = ''. $blog->body .' ['. l($blog->name, "node/$nid") .']';
}
- if ($iid && $item = db_fetch_object(db_query('SELECT i.*, f.title as ftitle, f.link as flink FROM {aggregator_item} i, {aggregator_feed} f WHERE i.iid = %d AND i.fid = f.fid', $iid))) {
+ if ($iid && $item = db_fetch_object(db_query('SELECT i.*, f.title as ftitle, f.link as flink FROM {aggregator_item} i, {aggregator_feed} f WHERE i.iid = ? AND i.fid = f.fid', $iid))) {
$node->title = $item->title;
// Note: $item->description has been validated on aggregation.
$node->body = ''. check_plain($item->title) .' - '. $item->description .' ['. check_plain($item->ftitle) ."]\n";
Index: modules/book/book.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 book.pages.inc
--- modules/book/book.pages.inc 11 Sep 2007 17:35:58 -0000 1.1
+++ modules/book/book.pages.inc 5 Oct 2007 07:23:46 -0000
@@ -237,7 +237,7 @@
if ($node->nid != $node->book['bid']) {
// Only allowed when this is not a book (top-level page).
menu_link_delete($node->book['mlid']);
- db_query('DELETE FROM {book} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {book} WHERE nid = ?', $node->nid);
drupal_set_message(t('The post has been removed from the book.'));
}
$form_state['redirect'] = 'node/'. $node->nid;
Index: modules/book/book.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.install,v
retrieving revision 1.9
diff -u -r1.9 book.install
--- modules/book/book.install 26 Aug 2007 07:20:07 -0000 1.9
+++ modules/book/book.install 5 Oct 2007 07:23:46 -0000
@@ -155,7 +155,7 @@
while ($book = db_fetch_array($result)) {
$has_rows = TRUE;
// Orphans are defined as nodes whose parent does not exist in the table.
- if ($book['parent'] && !db_result(db_query("SELECT COUNT(*) FROM {book_temp} WHERE nid = %d", $book['parent']))) {
+ if ($book['parent'] && !db_result(db_query("SELECT COUNT(*) FROM {book_temp} WHERE nid = ?", $book['parent']))) {
if (empty($_SESSION['book_update_6000_orphans']['book'])) {
// The first orphan becomes the parent for all other orphans.
$book['parent'] = 0;
@@ -192,14 +192,14 @@
$book = array_pop($_SESSION['book_update_6000']);
// Add all of this node's children to the stack
- $result = db_query("SELECT * FROM {book_temp} WHERE parent = %d", $book['nid']);
+ $result = db_query("SELECT * FROM {book_temp} WHERE parent = ?", $book['nid']);
while ($a = db_fetch_array($result)) {
$_SESSION['book_update_6000'][] = $a;
}
if ($book['parent']) {
// If its not a top level page, get its parent's mlid.
- $parent = db_fetch_array(db_query("SELECT b.mlid AS plid, b.bid FROM {book} b WHERE b.nid = %d", $book['parent']));
+ $parent = db_fetch_array(db_query("SELECT b.mlid AS plid, b.bid FROM {book} b WHERE b.nid = ?", $book['parent']));
$book = array_merge($book, $parent);
}
else {
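Review bot: `array_merge($book, $parent)` assumes the parent lookup found a row; if `db_fetch_array()` returns FALSE because the parent is missing from `{book}`, the merge is not given an array and `$book` is lost for the rest of the iteration. The same pattern appears in the next hunk, where the `SELECT title AS link_title` result is passed straight to `array_merge()`. Guard both, e.g. `if ($parent) { $book = array_merge($book, $parent); }`, and decide explicitly what happens to a row whose node or parent no longer exists. The enclosing update function starts and ends outside the hunk.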
@@ -214,18 +214,18 @@
'router_path' => 'node/%',
'menu_name' => book_menu_name($book['bid']),
);
- $book = array_merge($book, db_fetch_array(db_query("SELECT title AS link_title FROM {node} WHERE nid = %d", $book['nid'])));
+ $book = array_merge($book, db_fetch_array(db_query("SELECT title AS link_title FROM {node} WHERE nid = ?", $book['nid'])));
// Items with depth > MENU_MAX_DEPTH cannot be saved.
if (menu_link_save($book)) {
- db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (%d, %d, %d)", $book['mlid'], $book['nid'], $book['bid']);
+ db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (?, ?, ?)", $book['mlid'], $book['nid'], $book['bid']);
}
else {
// The depth was greater then MENU_MAX_DEPTH, so attach it to the
// closest valid parent.
- $book['plid'] = db_result(db_query("SELECT plid FROM {menu_links} WHERE mlid = %d", $book['plid']));
+ $book['plid'] = db_result(db_query("SELECT plid FROM {menu_links} WHERE mlid = ?", $book['plid']));
if (menu_link_save($book)) {
- db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (%d, %d, %d)", $book['mlid'], $book['nid'], $book['bid']);
+ db_query("INSERT INTO {book} (mlid, nid, bid) VALUES (?, ?, ?)", $book['mlid'], $book['nid'], $book['bid']);
}
}
$update_count--;
Index: modules/book/book.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.module,v
retrieving revision 1.442
diff -u -r1.442 book.module
--- modules/book/book.module 11 Sep 2007 17:35:58 -0000 1.442
+++ modules/book/book.module 5 Oct 2007 07:23:46 -0000
@@ -203,7 +203,7 @@
}
elseif ($current_bid) {
// Only display this block when the user is browsing a book.
- $title = db_result(db_query(db_rewrite_sql('SELECT n.title FROM {node} n WHERE n.nid = %d'), $node->book['bid']));
+ $title = db_result(db_query(db_rewrite_sql('SELECT n.title FROM {node} n WHERE n.nid = ?'), $node->book['bid']));
// Only show the block if the user has view access for the top-level node.
if ($title) {
$tree = menu_tree_all_data($node->book['menu_name'], $node->book);
@@ -459,20 +459,20 @@
else {
// Check in case the parent is not is this book; the book takes precedence.
if (!empty($node->book['plid'])) {
- $parent = db_fetch_array(db_query("SELECT * FROM {book} WHERE mlid = %d", $node->book['plid']));
+ $parent = db_fetch_array(db_query("SELECT * FROM {book} WHERE mlid = ?", $node->book['plid']));
}
if (empty($node->book['plid']) || !$parent || $parent['bid'] != $node->book['bid']) {
- $node->book['plid'] = db_result(db_query("SELECT mlid FROM {book} WHERE nid = %d", $node->book['bid']));
+ $node->book['plid'] = db_result(db_query("SELECT mlid FROM {book} WHERE nid = ?", $node->book['bid']));
$node->book['parent_mismatch'] = TRUE; // Likely when JS is disabled.
}
}
if (menu_link_save($node->book)) {
if ($new) {
// Insert new.
- db_query("INSERT INTO {book} (nid, mlid, bid) VALUES (%d, %d, %d)", $node->nid, $node->book['mlid'], $node->book['bid']);
+ db_query("INSERT INTO {book} (nid, mlid, bid) VALUES (?, ?, ?)", $node->nid, $node->book['mlid'], $node->book['bid']);
}
else {
- if ($node->book['bid'] != db_result(db_query("SELECT bid FROM {book} WHERE nid = %d", $node->nid))) {
+ if ($node->book['bid'] != db_result(db_query("SELECT bid FROM {book} WHERE nid = ?", $node->nid))) {
// Update the bid for this page and all children.
book_update_bid($node->book);
}
@@ -492,7 +492,7 @@
function book_update_bid($book_link) {
for ($i = 1; $i <= MENU_MAX_DEPTH && $book_link["p$i"]; $i++) {
- $match[] = "p$i = %d";
+ $match[] = "p$i = ?";
$args[] = $book_link["p$i"];
}
$result = db_query("SELECT mlid FROM {menu_links} WHERE ". implode(' AND ', $match), $args);
@@ -502,7 +502,7 @@
$mlids[] = $a['mlid'];
}
if ($mlids) {
- db_query("UPDATE {book} SET bid = %d WHERE mlid IN (". implode(',', $mlids) .")", $book_link['bid']);
+ db_query("UPDATE {book} SET bid = ? WHERE mlid IN (". implode(',', $mlids) .")", $book_link['bid']);
}
}
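Review bot: The `IN (...)` list in the `UPDATE {book}` statement is still assembled with `implode(',', $mlids)` and spliced into the SQL text, so this query is only partly parameterised after the conversion. The values come from the `$a['mlid']` rows read just above and are presumably integers, but nothing here enforces that. I would generate one placeholder per element, `implode(',', array_fill(0, count($mlids), '?'))`, and pass `array_merge(array($book_link['bid']), $mlids)` as the argument array, the way the `SELECT mlid FROM {menu_links}` call earlier in `book_update_bid()` already passes `$args`. The same applies to `c.nid IN ('. implode(',', $nids) .')` in the comment.module hunk at -307.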
@@ -660,7 +660,7 @@
switch ($op) {
case 'load':
// Note - we cannot use book_link_load() because it will call node_load()
- $info['book'] = db_fetch_array(db_query('SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid = %d', $node->nid));
+ $info['book'] = db_fetch_array(db_query('SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid = ?', $node->nid));
if ($info['book']) {
$info['book']['href'] = $info['book']['link_path'];
$info['book']['title'] = $info['book']['link_title'];
@@ -706,7 +706,7 @@
if (!empty($node->book['bid'])) {
if ($node->nid == $node->book['bid']) {
// Handle deletion of a top-level post.
- $result = db_query("SELECT b.nid FROM {menu_links} ml INNER JOIN {book} b on b.mlid = ml.mlid WHERE ml.plid = %d", $node->book['mlid']);
+ $result = db_query("SELECT b.nid FROM {menu_links} ml INNER JOIN {book} b on b.mlid = ml.mlid WHERE ml.plid = ?", $node->book['mlid']);
while ($child = db_fetch_array($result)) {
$child_node = node_load($child['nid']);
$child_node->book['bid'] = $child_node->nid;
@@ -714,7 +714,7 @@
}
}
menu_link_delete($node->book['mlid']);
- db_query('DELETE FROM {book} WHERE mlid = %d', $node->book['mlid']);
+ db_query('DELETE FROM {book} WHERE mlid = ?', $node->book['mlid']);
}
break;
case 'prepare':
@@ -1016,7 +1016,7 @@
* Do not call when loading a node, since this function may call node_load().
*/
function book_link_load($mlid) {
- if ($item = db_fetch_array(db_query("SELECT * FROM {menu_links} ml INNER JOIN {book} b ON b.mlid = ml.mlid LEFT JOIN {menu_router} m ON m.path = ml.router_path WHERE ml.mlid = %d", $mlid))) {
+ if ($item = db_fetch_array(db_query("SELECT * FROM {menu_links} ml INNER JOIN {book} b ON b.mlid = ml.mlid LEFT JOIN {menu_router} m ON m.path = ml.router_path WHERE ml.mlid = ?", $mlid))) {
_menu_link_translate($item);
return $item;
}
@@ -1045,11 +1045,11 @@
$data = $cache->data;
}
else {
- $match = array("menu_name = '%s'");
+ $match = array("menu_name = ?");
$args = array($item['menu_name']);
$i = 1;
while ($i <= MENU_MAX_DEPTH && $item["p$i"]) {
- $match[] = "p$i = %d";
+ $match[] = "p$i = ?";
$args[] = $item["p$i"];
$i++;
}
Index: modules/book/book.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.admin.inc,v
retrieving revision 1.3
diff -u -r1.3 book.admin.inc
--- modules/book/book.admin.inc 28 Sep 2007 15:44:13 -0000 1.3
+++ modules/book/book.admin.inc 5 Oct 2007 07:23:46 -0000
@@ -113,7 +113,7 @@
}
}
// Insure we have the current title - it may have been changed in the form.
- $title = db_result(db_query("SELECT title FROM {node} WHERE nid = %d", $form['#node']->nid));
+ $title = db_result(db_query("SELECT title FROM {node} WHERE nid = ?", $form['#node']->nid));
drupal_set_message(t('Updated book %title.', array('%title' => $title)));
}
Index: modules/comment/comment.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.install,v
retrieving revision 1.4
diff -u -r1.4 comment.install
--- modules/comment/comment.install 30 Jul 2007 21:27:34 -0000 1.4
+++ modules/comment/comment.install 5 Oct 2007 07:23:46 -0000
@@ -16,7 +16,7 @@
*/
function comment_update_1() {
// Change any future last comment timestamps to now.
- db_query('UPDATE {node_comment_statistics} SET last_comment_timestamp = %d WHERE last_comment_timestamp > %d', time(), time());
+ db_query('UPDATE {node_comment_statistics} SET last_comment_timestamp = ? WHERE last_comment_timestamp > ?', time(), time());
// Unstuck node indexing timestamp if needed.
if (($last = variable_get('node_cron_last', FALSE)) !== FALSE) {
Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.586
diff -u -r1.586 comment.module
--- modules/comment/comment.module 3 Oct 2007 17:59:50 -0000 1.586
+++ modules/comment/comment.module 5 Oct 2007 07:23:48 -0000
@@ -307,7 +307,7 @@
if (!empty($nids)) {
// From among the comments on the nodes selected in the first query,
// find the $number most recent comments.
- $result = db_query_range('SELECT c.nid, c.subject, c.cid, c.timestamp FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid WHERE c.nid IN ('. implode(',', $nids) .') AND n.status = 1 AND c.status = %d ORDER BY c.timestamp DESC', COMMENT_PUBLISHED, 0, $number);
+ $result = db_query_range('SELECT c.nid, c.subject, c.cid, c.timestamp FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid WHERE c.nid IN ('. implode(',', $nids) .') AND n.status = 1 AND c.status = ? ORDER BY c.timestamp DESC', COMMENT_PUBLISHED, 0, $number);
while ($comment = db_fetch_object($result)) {
$comments[] = $comment;
}
@@ -339,15 +339,15 @@
// Threaded comments. See the documentation for comment_render().
if ($order == COMMENT_ORDER_NEWEST_FIRST) {
// Newest first: find the last thread with new comment
- $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY thread DESC LIMIT 1', $nid, $new_replies);
+ $result = db_query('(SELECT thread FROM {comments} WHERE nid = ? AND status = 0 ORDER BY timestamp DESC LIMIT ?) ORDER BY thread DESC LIMIT 1', $nid, $new_replies);
$thread = db_result($result);
- $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND thread > '". $thread ."'", $nid);
+ $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = ? AND status = 0 AND thread > '". $thread ."'", $nid);
}
else {
// Oldest first: find the first thread with new comment
- $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1)) LIMIT 1', $nid, $new_replies);
+ $result = db_query('(SELECT thread FROM {comments} WHERE nid = ? AND status = 0 ORDER BY timestamp DESC LIMIT ?) ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1)) LIMIT 1', $nid, $new_replies);
$thread = substr(db_result($result), 0, -1);
- $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < '". $thread ."'", $nid);
+ $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = ? AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < '". $thread ."'", $nid);
}
$count = db_result($result_count);
}
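Review bot: Both `$result_count` queries still concatenate `$thread` into a quoted literal (`thread > '". $thread ."'`), so a value read back from the database is interpolated into the SQL text unescaped while the neighbouring `nid` is bound. Bind it instead: `... AND thread > ?", $nid, $thread)` and `... (LENGTH(thread) - 1)) < ?", $nid, $thread)`. Separately, `LIMIT ?` with `$new_replies` only works if the driver binds that argument as an integer; a string-typed bind typically yields a quoted limit that MySQL rejects, so confirm how the new `db_query()` types its arguments or cast the limit explicitly. The enclosing function starts outside the hunk.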
@@ -496,7 +496,7 @@
function comment_nodeapi(&$node, $op, $arg = 0) {
switch ($op) {
case 'load':
- return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = %d", $node->nid));
+ return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = ?", $node->nid));
break;
case 'prepare':
@@ -506,24 +506,24 @@
break;
case 'insert':
- db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (%d, %d, NULL, %d, 0)', $node->nid, $node->changed, $node->uid);
+ db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (?, ?, NULL, ?, 0)', $node->nid, $node->changed, $node->uid);
break;
case 'delete':
- db_query('DELETE FROM {comments} WHERE nid = %d', $node->nid);
- db_query('DELETE FROM {node_comment_statistics} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {comments} WHERE nid = ?', $node->nid);
+ db_query('DELETE FROM {node_comment_statistics} WHERE nid = ?', $node->nid);
break;
case 'update index':
$text = '';
- $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = %d', $node->nid, COMMENT_PUBLISHED);
+ $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = ? AND status = ?', $node->nid, COMMENT_PUBLISHED);
while ($comment = db_fetch_object($comments)) {
$text .= '
'. check_plain($comment->subject) .'
'. check_markup($comment->comment, $comment->format, FALSE);
}
return $text;
case 'search result':
- $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $node->nid));
+ $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = ?', $node->nid));
return format_plural($comments, '1 comment', '@count comments');
case 'rss item':
@@ -541,8 +541,8 @@
*/
function comment_user($type, $edit, &$user, $category = NULL) {
if ($type == 'delete') {
- db_query('UPDATE {comments} SET uid = 0 WHERE uid = %d', $user->uid);
- db_query('UPDATE {node_comment_statistics} SET last_comment_uid = 0 WHERE last_comment_uid = %d', $user->uid);
+ db_query('UPDATE {comments} SET uid = 0 WHERE uid = ?', $user->uid);
+ db_query('UPDATE {node_comment_statistics} SET last_comment_uid = 0 WHERE last_comment_uid = ?', $user->uid);
}
}
@@ -660,7 +660,7 @@
function comment_edit($cid) {
global $user;
- $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid));
+ $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ?', $cid));
$comment = drupal_unpack($comment);
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
if (comment_access('edit', $comment)) {
@@ -714,7 +714,7 @@
// $pid indicates that this is a reply to a comment.
if ($pid) {
// load the comment whose cid = $pid
- if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) {
+ if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ? AND c.status = ?', $pid, COMMENT_PUBLISHED))) {
// If that comment exists, make sure that the current comment and the parent comment both
// belong to the same parent node.
if ($comment->nid != $node->nid) {
@@ -781,7 +781,7 @@
);
if ($edit['cid']) {
// Update the comment in the database.
- db_query("UPDATE {comments} SET status = %d, timestamp = %d, subject = '%s', comment = '%s', format = %d, uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
+ db_query("UPDATE {comments} SET status = ?, timestamp = ?, subject = ?, comment = ?, format = ?, uid = ?, name = ?, mail = ?, homepage = ? WHERE cid = ?", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
// Allow modules to respond to the updating of a comment.
comment_invoke_comment($edit, 'update');
@@ -796,7 +796,7 @@
if ($edit['pid'] == 0) {
// This is a comment with no parent comment (depth 0): we start
// by retrieving the maximum thread level.
- $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = %d', $edit['nid']));
+ $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = ?', $edit['nid']));
// Strip the "/" from the end of the thread.
$max = rtrim($max, '/');
@@ -815,7 +815,7 @@
$parent->thread = (string) rtrim((string) $parent->thread, '/');
// Get the max value in _this_ thread.
- $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = %d", $parent->thread, $edit['nid']));
+ $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = ?", $parent->thread, $edit['nid']));
if ($max == '') {
// First child of this parent.
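Review bot: The `MAX(thread)` query now mixes two placeholder styles: `nid = ?` was converted, but `thread LIKE '%s.%%'` keeps the printf-style `%s` and the `%%` escape. If the new `db_query()` substitutes only `?`, the pattern is sent literally as `%s.%%` and the two arguments no longer line up with the single remaining placeholder. I would build the pattern in PHP and bind it whole: `... WHERE thread LIKE ? AND nid = ?", $parent->thread .'.%', $edit['nid'])`. The enclosing function starts and ends outside the hunk.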
@@ -841,7 +841,7 @@
$edit['name'] = $user->name;
}
- db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (%d, %d, %d, '%s', '%s', %d, '%s', %d, %d, '%s', '%s', '%s', '%s')", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $edit['status'], $thread, $edit['name'], $edit['mail'], $edit['homepage']);
+ db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $edit['status'], $thread, $edit['name'], $edit['mail'], $edit['homepage']);
$edit['cid'] = db_last_insert_id('comments', 'cid');
// Tell the other modules a new comment has been submitted.
@@ -1005,10 +1005,10 @@
if ($cid && is_numeric($cid)) {
// Single comment view.
- $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d';
+ $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ?';
$query_args = array($cid);
if (!user_access('administer comments')) {
- $query .= ' AND c.status = %d';
+ $query .= ' AND c.status = ?';
$query_args[] = COMMENT_PUBLISHED;
}
@@ -1025,13 +1025,13 @@
}
else {
// Multiple comment view
- $query_count = 'SELECT COUNT(*) FROM {comments} WHERE nid = %d';
- $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d';
+ $query_count = 'SELECT COUNT(*) FROM {comments} WHERE nid = ?';
+ $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = ?';
$query_args = array($nid);
if (!user_access('administer comments')) {
- $query .= ' AND c.status = %d';
- $query_count .= ' AND status = %d';
+ $query .= ' AND c.status = ?';
+ $query_count .= ' AND status = ?';
$query_args[] = COMMENT_PUBLISHED;
}
@@ -1136,7 +1136,7 @@
* Menu callback; delete a comment.
*/
function comment_delete($cid = NULL) {
- $comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = %d', $cid));
+ $comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = ?', $cid));
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
$output = '';
@@ -1188,20 +1188,20 @@
function comment_operations($action = NULL) {
if ($action == 'publish') {
$operations = array(
- 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = %d'),
+ 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = ?'),
'delete' => array(t('Delete the selected comments'), '')
);
}
else if ($action == 'unpublish') {
$operations = array(
- 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = %d'),
+ 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = ?'),
'delete' => array(t('Delete the selected comments'), '')
);
}
else {
$operations = array(
- 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = %d'),
- 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = %d'),
+ 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_PUBLISHED .' WHERE cid = ?'),
+ 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = '. COMMENT_NOT_PUBLISHED .' WHERE cid = ?'),
'delete' => array(t('Delete the selected comments'), '')
);
}
@@ -1244,7 +1244,7 @@
array('data' => t('Time'), 'field' => 'timestamp', 'sort' => 'desc'),
array('data' => t('Operations'))
));
- $result = pager_query('SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = %d'. tablesort_sql($form['header']['#value']), 50, 0, NULL, $status);
+ $result = pager_query('SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = ?'. tablesort_sql($form['header']['#value']), 50, 0, NULL, $status);
// build a table listing the appropriate comments
$destination = drupal_get_destination();
@@ -1339,7 +1339,7 @@
foreach (array_filter($edit['comments']) as $cid => $value) {
$comment = _comment_load($cid);
if (is_object($comment) && is_numeric($comment->cid)) {
- $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = %d', $cid));
+ $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = ?', $cid));
$form['comments'][$cid] = array('#type' => 'hidden', '#value' => $cid, '#prefix' => '', '#suffix' => check_plain($subject) .'');
$comment_counter++;
}
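Review bot: The `SELECT subject` lookup inside the loop repeats work that `_comment_load($cid)` has just done: that helper runs `SELECT * FROM {comments} WHERE cid = ?`, so `$comment->subject` is already available. Dropping the second query and using `check_plain($comment->subject)` in `#suffix` saves one round trip per selected comment and removes a call site that has to be kept in step with the placeholder syntax. The loop continues outside the hunk.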
@@ -1382,14 +1382,14 @@
* Load the entire comment by cid.
*/
function _comment_load($cid) {
- return db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = %d', $cid));
+ return db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = ?', $cid));
}
function comment_num_all($nid) {
static $cache;
if (!isset($cache[$nid])) {
- $cache[$nid] = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $nid));
+ $cache[$nid] = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = ?', $nid));
}
return $cache[$nid];
}
@@ -1398,7 +1398,7 @@
static $cache;
if (!isset($cache[$pid])) {
- $cache[$pid] = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND status = %d', $pid, COMMENT_PUBLISHED));
+ $cache[$pid] = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE pid = ? AND status = ?', $pid, COMMENT_PUBLISHED));
}
return $cache[$pid];
@@ -1423,7 +1423,7 @@
$timestamp = ($timestamp > NODE_NEW_LIMIT ? $timestamp : NODE_NEW_LIMIT);
// Use the timestamp to retrieve the number of new comments.
- $result = db_result(db_query('SELECT COUNT(c.cid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND timestamp > %d AND c.status = %d', $nid, $timestamp, COMMENT_PUBLISHED));
+ $result = db_result(db_query('SELECT COUNT(c.cid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = ? AND timestamp > ? AND c.status = ?', $nid, $timestamp, COMMENT_PUBLISHED));
return $result;
}
@@ -1453,7 +1453,7 @@
if (!$user->uid || isset($edit['is_anonymous'])) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
- $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']));
+ $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = ?", $edit['name']));
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
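Review bot: The registered-name check compares `LOWER(name)` against `$edit['name']` exactly as submitted, so on a database with case-sensitive string comparison a mixed-case variant of an existing account name never matches and the anonymous commenter is allowed to post under it. Lowercase the bound value as well, e.g. `db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = ?", drupal_strtolower($edit['name']))`. This predates the placeholder change, but the line is being touched here and a case-insensitive default collation would otherwise keep masking it. The enclosing block continues outside the hunk.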
@@ -1704,7 +1704,7 @@
$output = '';
if ($edit['pid']) {
- $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
+ $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = ? AND c.status = ?', $edit['pid'], COMMENT_PUBLISHED));
$comment = drupal_unpack($comment);
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
$output .= theme('comment_view', $comment, $node);
@@ -1970,13 +1970,13 @@
}
// Delete the comment:
- db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid);
+ db_query('DELETE FROM {comments} WHERE cid = ?', $comment->cid);
watchdog('content', 'Comment: deleted %subject.', array('%subject' => $comment->subject));
comment_invoke_comment($comment, 'delete');
// Delete the comment's replies
- $result = db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE pid = %d', $comment->cid);
+ $result = db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE pid = ?', $comment->cid);
while ($comment = db_fetch_object($result)) {
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
_comment_delete_thread($comment);
@@ -2073,18 +2073,18 @@
* - comment_count: the total number of approved/published comments on this node.
*/
function _comment_update_node_statistics($nid) {
- $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = %d AND status = %d', $nid, COMMENT_PUBLISHED));
+ $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = ? AND status = ?', $nid, COMMENT_PUBLISHED));
// comments exist
if ($count > 0) {
- $last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = %d AND status = %d ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1));
- db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = '%s', last_comment_uid = %d WHERE nid = %d", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
+ $last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = ? AND status = ? ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1));
+ db_query("UPDATE {node_comment_statistics} SET comment_count = ?, last_comment_timestamp = ?, last_comment_name = ?, last_comment_uid = ? WHERE nid = ?", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
}
// no comments
else {
- $node = db_fetch_object(db_query("SELECT uid, created FROM {node} WHERE nid = %d", $nid));
- db_query("UPDATE {node_comment_statistics} SET comment_count = 0, last_comment_timestamp = %d, last_comment_name = '', last_comment_uid = %d WHERE nid = %d", $node->created, $node->uid, $nid);
+ $node = db_fetch_object(db_query("SELECT uid, created FROM {node} WHERE nid = ?", $nid));
+ db_query("UPDATE {node_comment_statistics} SET comment_count = 0, last_comment_timestamp = ?, last_comment_name = '', last_comment_uid = ? WHERE nid = ?", $node->created, $node->uid, $nid);
}
}
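Review bot: The `%d` placeholders removed in this hunk used to cast their argument to an integer, so the `else` branch wrote 0 when `$node` was FALSE; with `?` the values of `$node->created` and `$node->uid` are bound as they are, which means NULL when the node row is missing. If `last_comment_timestamp` and `last_comment_uid` do not accept NULL (not visible here), the UPDATE now fails instead of storing 0. I would keep the old coercion explicit at the call, `(int) $node->created, (int) $node->uid, (int) $nid`, or guard the UPDATE with `if ($node)`. The same loss of the integer cast applies to every `%d` converted in this patch.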
@@ -2203,9 +2203,9 @@
}
else {
$cid = $context['cid'];
- $subject = db_result(db_query("SELECT subject FROM {comments} WHERE cid = %d", $cid));
+ $subject = db_result(db_query("SELECT subject FROM {comments} WHERE cid = ?", $cid));
}
- db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $cid);
+ db_query('UPDATE {comments} SET status = ? WHERE cid = ?', COMMENT_NOT_PUBLISHED, $cid);
watchdog('action', 'Unpublished comment %subject.', array('%subject' => $subject));
}
@@ -2237,7 +2237,7 @@
function comment_unpublish_by_keyword_action($comment, $context) {
foreach ($context['keywords'] as $keyword) {
if (strstr($comment->comment, $keyword) || strstr($comment->subject, $keyword)) {
- db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $comment->cid);
+ db_query('UPDATE {comments} SET status = ? WHERE cid = ?', COMMENT_NOT_PUBLISHED, $comment->cid);
watchdog('action', 'Unpublished comment %subject.', array('%subject' => $comment->subject));
break;
}
Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.82
diff -u -r1.82 database.inc
--- includes/database.inc 2 Oct 2007 16:15:56 -0000 1.82
+++ includes/database.inc 5 Oct 2007 07:23:44 -0000
@@ -51,6 +51,186 @@
*/
/**
+ * Initialise a database connection.
+ */
+function db_connect($url) {
+ list($dsn, $user, $pass) = db_dsn($url);
+
+ try {
+ $connection = new PDO($dsn, $user, $pass);
+ $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ } catch (PDOException $e) {
+ db_connection_error($e->getCode(), $e->getMessage());
+ }
+
+ // Set additional attributes.
+ if (function_exists('_db_connect')) {
+ _db_connect($connection);
+ }
+
+ return $connection;
+}
+
+/**
+ * Returns the version of the database server currently in use.
+ *
+ * @return Database server version
+ */
+function db_version() {
+ global $active_db;
+ list($version) = explode('-', $active_db->getAttribute(PDO::ATTR_SERVER_VERSION));
+ return $version;
+}
+
+/**
+ * Runs a basic query in the active database.
+ *
+ * User-supplied arguments to the query should be passed in as separate
+ * parameters so that they can be properly escaped to avoid SQL injection
+ * attacks.
+ *
+ * @param $query
+ * A string containing an SQL query.
+ * @param ...
+ * A variable number of arguments which are substituted into the query
+ * using printf() syntax. Instead of a variable number of query arguments,
+ * you may also pass a single array containing the query arguments.
+ *
+ * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
+ * in '') and %%.
+ *
+ * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
+ * and TRUE values to decimal 1.
+ *
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ */
+function db_query($query) {
+ $args = func_get_args();
+ array_shift($args);
+ $query = db_prefix_tables($query);
+ if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
+ $args = $args[0];
+ }
+ return _db_query($query, $args);
+}
+
+/**
+ * Helper function for db_query().
+ */
+function _db_query($query, $args, $debug = 0) {
+ global $active_db, $queries;
+
+ if (variable_get('dev_query', 0)) {
+ list($usec, $sec) = explode(' ', microtime());
+ $timer = (float)$usec + (float)$sec;
+ }
+
+ try {
+ //$result = $active_db->query($query, $args);
+ $result = $active_db->prepare($query);
+ $result->execute($args);
+ }
+ catch (PDOException $e) {
+ ${DB_ERROR} = TRUE;
+ trigger_error(check_plain($e->getMessage() ."\nquery: ". $query), E_USER_WARNING);
+ }
+
+ if (variable_get('dev_query', 0)) {
+ $bt = debug_backtrace();
+ $query = $bt[2]['function'] ."\n". $query;
+ list($usec, $sec) = explode(' ', microtime());
+ $stop = (float)$usec + (float)$sec;
+ $diff = $stop - $timer;
+ $queries[] = array($query, $diff);
+ }
+
+ if ($debug) {
+ $error = $last_result->errorInfo();
+ print 'query: '. $query .'
error:'. $error[2] .'
';
+ }
+
+ if ($result) {
+ return $result;
+ }
+ else {
+ return FALSE;
+ }
+}
+
+/**
+ * Fetch one result row from the previous query as an object.
+ *
+ * @param $result
+ * A database query result resource, as returned from db_query().
+ * @return
+ * An object representing the next row of the result, or FALSE. The attributes
+ * of this object are the table fields selected by the query.
+ */
+function db_fetch_object($result) {
+ if ($result) {
+ return $result->fetch(PDO::FETCH_OBJ);
+ }
+}
+
+/**
+ * Fetch one result row from the previous query as an array.
+ *
+ * @param $result
+ * A database query result resource, as returned from db_query().
+ * @return
+ * An associative array representing the next row of the result, or FALSE.
+ * The keys of this object are the names of the table fields selected by the
+ * query, and the values are the field values for this result row.
+ */
+function db_fetch_array($result) {
+ if ($result) {
+ return $result->fetch(PDO::FETCH_ASSOC);
+ }
+}
+
+/**
+* Return an individual result field from the previous query.
+*
+* Only use this function if exactly one field is being selected; otherwise,
+* use db_fetch_object() or db_fetch_array().
+*
+* @param $result
+* A database query result resource, as returned from db_query().
+* @return
+* The resulting field or FALSE.
+*/
+function db_result($result) {
+ if ($result) {
+ return $result->fetchColumn();
+ }
+ return FALSE;
+}
+
+/**
+ * Determine whether the previous query caused an error.
+ */
+function db_error($result) {
+ return $result->getErrorCode();
+}
+
+/**
+ * Determine the number of rows changed by the preceding query.
+ */
+function db_affected_rows($result) {
+ return $result->rowCount();
+}
+
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_string($text, $type = PDO::PARAM_STR) {
+ global $active_db;
+ return $active_db->quote($text, $type);
+}
+
+/**
* Perform an SQL query and return success or failure.
*
* @param $sql
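Review bot: In `_db_query()` the debug branch calls `$last_result->errorInfo()`, but `$last_result` is no longer declared or assigned in this function, and `$result` is never set when `prepare()` or `execute()` throws, so both `if ($debug)` and the final `if ($result)` read undefined variables. Initialising `$result = FALSE;` before the `try` and reading the error with `$error = $result ? $result->errorInfo() : $active_db->errorInfo();` would keep the failure path well defined. `db_error()` calls `$result->getErrorCode()`, which PDOStatement does not provide; the method is `errorCode()`. `db_escape_string()` now returns the output of `PDO::quote()`, which already includes the surrounding quotes, so any caller that still wraps the value in `'...'` builds a malformed literal; the docblock should say so. The `db_query()` docblock also still documents the removed `%s`/`%d` modifiers and their NULL/FALSE casting rather than `?` binding.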
@@ -148,7 +328,7 @@
else {
drupal_maintenance_theme();
drupal_set_title('Unsupported database type');
- print theme('maintenance_page', 'The database type '. theme('placeholder', $db_type) .' is unsupported. Please use either mysql for MySQL 3.x & 4.0.x databases, mysqli for MySQL 4.1.x+ databases, or pgsql for PostgreSQL databases. The database information is in your settings.php file.
+ print theme('maintenance_page', 'The database type '. theme('placeholder', $db_type) .' is unsupported. Please use either mysql for MySQL 4.1.x+ databases, or pgsql for PostgreSQL databases. The database information is in your settings.php file.
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
@@ -164,30 +344,6 @@
}
/**
- * Helper function for db_query().
- */
-function _db_query_callback($match, $init = FALSE) {
- static $args = NULL;
- if ($init) {
- $args = $match;
- return;
- }
-
- switch ($match[1]) {
- case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
- return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
- case '%s':
- return db_escape_string(array_shift($args));
- case '%%':
- return '%';
- case '%f':
- return (float) array_shift($args);
- case '%b': // binary data
- return db_encode_blob(array_shift($args));
- }
-}
-
-/**
* Generate placeholders for an array of query arguments of a single type.
*
* Given a Schema API field type, return correct %-placeholders to
@@ -199,16 +355,11 @@
* The Schema API type of a field (e.g. 'int', 'text', or 'varchar').
*/
function db_placeholders($arguments, $type = 'int') {
- $placeholder = db_type_placeholder($type);
+ $placeholder = '?';
return implode(',', array_fill(0, count($arguments), $placeholder));
}
/**
- * Indicates the place holders that should be replaced in _db_query_callback().
- */
-define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');
-
-/**
* Helper function for db_rewrite_sql.
*
* Collects JOIN and WHERE statements via hook_db_rewrite_sql()
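Review bot: `db_placeholders()` now ignores its `$type` argument and always emits `?`, but the docblock above it still promises "correct %-placeholders" for a Schema API field type. I would update the comment to say the function returns one `?` per element of `$arguments`, and add `// $type is unused since values are bound by PDO; kept for existing callers.` next to the assignment. The docblock starts outside this hunk.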
@@ -477,48 +628,5 @@
}
/**
- * Given a Schema API field type, return the correct %-placeholder.
- *
- * Embed the placeholder in a query to be passed to db_query and and pass as an
- * argument to db_query a value of the specified type.
- *
- * @param $type
- * The Schema API type of a field.
- * @return
- * The placeholder string to embed in a query for that type.
- */
-function db_type_placeholder($type) {
- switch ($type) {
- case 'varchar':
- case 'text':
- case 'datetime':
- return '\'%s\'';
-
- case 'numeric':
- // For 'numeric' values, we use '%s', not '\'%s\'' as with
- // string types, because numeric values should not be enclosed
- // in quotes in queries (though they can be, at least on mysql
- // and pgsql). Numerics should only have [0-9.+-] and
- // presumably no db's "escape string" function will mess with
- // those characters.
- return '%s';
-
- case 'serial':
- case 'int':
- return '%d';
-
- case 'float':
- return '%f';
-
- case 'blob':
- return '%b';
- }
-
- // There is no safe value to return here, so return something that
- // will cause the query to fail.
- return 'unsupported type '. $type .'for db_type_placeholder';
-}
-
-/**
* @} End of "defgroup schemaapi".
*/
Index: includes/path.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/path.inc,v
retrieving revision 1.16
diff -u -r1.16 path.inc
--- includes/path.inc 18 Jun 2007 06:59:11 -0000 1.16
+++ includes/path.inc 5 Oct 2007 07:23:45 -0000
@@ -65,7 +65,7 @@
return $map[$path_language][$path];
}
// Get the most fitting result falling back with alias without language
- $alias = db_result(db_query("SELECT dst FROM {url_alias} WHERE src = '%s' AND language IN('%s', '') ORDER BY language DESC", $path, $path_language));
+ $alias = db_result(db_query("SELECT dst FROM {url_alias} WHERE src = ? AND language IN(?, '') ORDER BY language DESC", $path, $path_language));
$map[$path_language][$path] = $alias;
return $alias;
}
@@ -76,7 +76,7 @@
$src = '';
if (!isset($map[$path_language]) || !($src = array_search($path, $map[$path_language]))) {
// Get the most fitting result falling back with alias without language
- if ($src = db_result(db_query("SELECT src FROM {url_alias} WHERE dst = '%s' AND language IN('%s', '') ORDER BY language DESC", $path, $path_language))) {
+ if ($src = db_result(db_query("SELECT src FROM {url_alias} WHERE dst = ? AND language IN(?, '') ORDER BY language DESC", $path, $path_language))) {
$map[$path_language][$src] = $path;
}
else {
Index: includes/actions.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/actions.inc,v
retrieving revision 1.4
diff -u -r1.4 actions.inc
--- includes/actions.inc 9 Sep 2007 20:01:39 -0000 1.4
+++ includes/actions.inc 5 Oct 2007 07:23:43 -0000
@@ -54,7 +54,7 @@
$where_values = array();
foreach ($action_ids as $action_id) {
if (is_numeric($action_id)) {
- $where[] = 'OR aid = %d';
+ $where[] = 'OR aid = ?';
$where_values[] = $action_id;
}
elseif (isset($available_actions[$action_id])) {
@@ -94,7 +94,7 @@
else {
// If it's a configurable action, retrieve stored parameters.
if (is_numeric($action_ids)) {
- $action = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", $action_ids));
+ $action = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = ?", $action_ids));
$function = $action->callback;
$context = array_merge($context, unserialize($action->parameters));
$result[$action_ids] = $function($object, $context, $a1, $a2);
@@ -239,7 +239,7 @@
}
// Must be an instance; must check database.
- $aid = db_result(db_query("SELECT aid FROM {actions} WHERE MD5(aid) = '%s' AND parameters != ''", $hash));
+ $aid = db_result(db_query("SELECT aid FROM {actions} WHERE MD5(aid) = ? AND parameters != ''", $hash));
return $aid;
}
@@ -272,7 +272,7 @@
}
else {
// This is a new singleton that we don't have an aid for; assign one.
- db_query("INSERT INTO {actions} (aid, type, callback, parameters, description) VALUES ('%s', '%s', '%s', '%s', '%s')", $callback, $array['type'], $callback, '', $array['description']);
+ db_query("INSERT INTO {actions} (aid, type, callback, parameters, description) VALUES (?, ?, ?, ?, ?)", $callback, $array['type'], $callback, '', $array['description']);
watchdog('actions', t("Action '%action' added.", array('%action' => filter_xss_admin($array['description']))));
}
}
@@ -285,7 +285,7 @@
foreach ($actions_in_db as $callback => $array) {
$orphaned[] = $callback;
- $placeholder[] = "'%s'";
+ $placeholder[] = '?';
}
$orphans = implode(', ', $orphaned);
@@ -326,7 +326,7 @@
function actions_save($function, $type, $params, $desc, $aid = NULL) {
$serialized = serialize($params);
if ($aid) {
- db_query("UPDATE {actions} SET callback = '%s', type = '%s', parameters = '%s', description = '%s' WHERE aid = %d", $function, $type, $serialized, $desc, $aid);
+ db_query("UPDATE {actions} SET callback = ?, type = ?, parameters = ?, description = ? WHERE aid = ?", $function, $type, $serialized, $desc, $aid);
watchdog('actions', 'Action %action saved.', array('%action' => $desc));
}
else {
@@ -334,7 +334,7 @@
// separate table for numeric aids.
db_query('INSERT INTO {actions_aid} VALUES (default)');
$aid = db_last_insert_id('actions_aid', 'aid');
- db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (%d, '%s', '%s', '%s', '%s')", $aid, $function, $type, $serialized, $desc);
+ db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (?, ?, ?, ?, ?)", $aid, $function, $type, $serialized, $desc);
watchdog('actions', 'Action %action created.', array('%action' => $desc));
}
@@ -351,7 +351,7 @@
* The appropriate action row from the database as an object.
*/
function actions_load($aid) {
- return db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", $aid));
+ return db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = ?", $aid));
}
/**
@@ -361,6 +361,6 @@
* integer The ID of the action to delete.
*/
function actions_delete($aid) {
- db_query("DELETE FROM {actions} WHERE aid = %d", $aid);
+ db_query("DELETE FROM {actions} WHERE aid = ?", $aid);
module_invoke_all('actions_delete', $aid);
}
Index: includes/database.pgsql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.pgsql.inc,v
retrieving revision 1.62
diff -u -r1.62 database.pgsql.inc
--- includes/database.pgsql.inc 2 Oct 2007 16:15:56 -0000 1.62
+++ includes/database.pgsql.inc 5 Oct 2007 07:23:44 -0000
@@ -33,20 +33,11 @@
}
/**
- * Returns the version of the database server currently in use.
- *
- * @return Database server version
+ * Build a PDO compatible DSN.
*/
-function db_version() {
- return db_result(db_query("SHOW SERVER_VERSION"));
-}
-
-/**
- * Initialize a database connection.
- */
-function db_connect($url) {
- // Check if PostgreSQL support is present in PHP
- if (!function_exists('pg_connect')) {
+function db_dsn($url) {
+ // Check if PostgreSQL support is present in PDO.
+ if (!in_array('pgsql', PDO::getAvailableDrivers())) {
drupal_maintenance_theme();
drupal_set_title('PHP PostgreSQL support not enabled');
print theme('maintenance_page', 'We were unable to use the PostgreSQL database because the PostgreSQL extension for PHP is not installed. Check your PHP.ini to see how you can enable it.
@@ -55,40 +46,35 @@
}
$url = parse_url($url);
- $conn_string = '';
// Decode url-encoded information in the db connection string
- if (isset($url['user'])) {
- $conn_string .= ' user='. urldecode($url['user']);
- }
+ $url['user'] = urldecode($url['user']);
+ // Test if database url has a password.
if (isset($url['pass'])) {
- $conn_string .= ' password='. urldecode($url['pass']);
+ $url['pass'] = urldecode($url['pass']);
}
- if (isset($url['host'])) {
- $conn_string .= ' host='. urldecode($url['host']);
- }
- if (isset($url['path'])) {
- $conn_string .= ' dbname='. substr(urldecode($url['path']), 1);
- }
- if (isset($url['port'])) {
- $conn_string .= ' port='. urldecode($url['port']);
+ else {
+ $url['pass'] = '';
}
+ $url['host'] = urldecode($url['host']);
+ $url['path'] = urldecode($url['path']);
- // pg_last_error() does not return a useful error message for database
- // connection errors. We must turn on error tracking to get at a good error
- // message, which will be stored in $php_errormsg.
- $track_errors_previous = ini_get('track_errors');
- ini_set('track_errors', 1);
+ $dsn = 'pgsql:host='. $url['host'] .';dbname='. substr($url['path'], 1);
- $connection = @pg_connect($conn_string);
- if (!$connection) {
+ return array($dsn, $url['user'], $url['pass']);
+}
+
+/**
+ * Initialize a database connection.
+ */
+function db_connection_error($code, $message) {
+ if (!$code) {
drupal_maintenance_theme();
drupal_set_header('HTTP/1.1 503 Service Unavailable');
drupal_set_title('Unable to connect to database');
print theme('maintenance_page', 'If you still have to install Drupal, proceed to the installation page.
If you have already finished installed Drupal, this either means that the username and password information in your settings.php file is incorrect or that we can\'t connect to the PostgreSQL database server. This could mean your hosting provider\'s database server is down.
-The PostgreSQL error was: '. theme('placeholder', decode_entities($php_errormsg)) .'
-Currently, the database is '. theme('placeholder', substr($url['path'], 1)) .', the username is '. theme('placeholder', $url['user']) .', and the database server is '. theme('placeholder', $url['host']) .'.
+The PostgreSQL error was: '. theme('placeholder', $message) .'
- Are you sure you have the correct username and password?
- Are you sure that you have typed the correct hostname?
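Review bot: `db_connection_error()` renders the maintenance page and exits only when `$code` is falsy (`if (!$code)`), yet `db_connect()` passes it `$e->getCode()` from a PDOException, which is presumably non-zero for most connection failures; in that case the function returns and `db_connect()` carries on with `$connection` unset. Dropping the condition, or testing it the other way round, keeps a failed connection from falling through. `db_dsn()` also no longer copies `$url['port']` into the DSN, so a server on a non-default port becomes unreachable; `if (isset($url['port'])) { $dsn .= ';port='. urldecode($url['port']); }` restores it. `urldecode($url['user'])` and `urldecode($url['host'])` are now read without the `isset()` checks the old code had, and the docblock over `db_connection_error()` still reads "Initialize a database connection." The body of `db_connection_error()` continues past this hunk.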
@@ -98,142 +84,6 @@
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
-
- // Restore error tracking setting
- ini_set('track_errors', $track_errors_previous);
-
- return $connection;
-}
-
-/**
- * Runs a basic query in the active database.
- *
- * User-supplied arguments to the query should be passed in as separate
- * parameters so that they can be properly escaped to avoid SQL injection
- * attacks.
- *
- * @param $query
- * A string containing an SQL query.
- * @param ...
- * A variable number of arguments which are substituted into the query
- * using printf() syntax. Instead of a variable number of query arguments,
- * you may also pass a single array containing the query arguments.
- *
- * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
- *
- * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
- * and TRUE values to decimal 1.
- *
- * @return
- * A database query result resource, or FALSE if the query was not
- * executed correctly.
- */
-function db_query($query) {
- $args = func_get_args();
- array_shift($args);
- $query = db_prefix_tables($query);
- if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
- $args = $args[0];
- }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- return _db_query($query);
-}
-
-/**
- * Helper function for db_query().
- */
-function _db_query($query, $debug = 0) {
- global $active_db, $last_result, $queries;
-
- if (variable_get('dev_query', 0)) {
- list($usec, $sec) = explode(' ', microtime());
- $timer = (float)$usec + (float)$sec;
- }
-
- $last_result = pg_query($active_db, $query);
-
- if (variable_get('dev_query', 0)) {
- $bt = debug_backtrace();
- $query = $bt[2]['function'] ."\n". $query;
- list($usec, $sec) = explode(' ', microtime());
- $stop = (float)$usec + (float)$sec;
- $diff = $stop - $timer;
- $queries[] = array($query, $diff);
- }
-
- if ($debug) {
- print 'query: '. $query .'
error:'. pg_last_error($active_db) .'
';
- }
-
- if ($last_result !== FALSE) {
- return $last_result;
- }
- else {
- // Indicate to drupal_error_handler that this is a database error.
- ${DB_ERROR} = TRUE;
- trigger_error(check_plain(pg_last_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
- return FALSE;
- }
-}
-
-/**
- * Fetch one result row from the previous query as an object.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An object representing the next row of the result, or FALSE. The attributes
- * of this object are the table fields selected by the query.
- */
-function db_fetch_object($result) {
- if ($result) {
- return pg_fetch_object($result);
- }
-}
-
-/**
- * Fetch one result row from the previous query as an array.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An associative array representing the next row of the result, or FALSE.
- * The keys of this object are the names of the table fields selected by the
- * query, and the values are the field values for this result row.
- */
-function db_fetch_array($result) {
- if ($result) {
- return pg_fetch_assoc($result);
- }
-}
-
-/**
- * Return an individual result field from the previous query.
- *
- * Only use this function if exactly one field is being selected; otherwise,
- * use db_fetch_object() or db_fetch_array().
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * The resulting field or FALSE.
- */
-function db_result($result) {
- if ($result && pg_num_rows($result) > 0) {
- $array = pg_fetch_row($result);
- return $array[0];
- }
- return FALSE;
-}
-
-/**
- * Determine whether the previous query caused an error.
- */
-function db_error() {
- global $active_db;
- return pg_last_error($active_db);
}
/**
@@ -249,14 +99,6 @@
}
/**
- * Determine the number of rows changed by the preceding query.
- */
-function db_affected_rows() {
- global $last_result;
- return empty($last_result) ? 0 : pg_affected_rows($last_result);
-}
-
-/**
* Runs a limited-range query in the active database.
*
* Use this as a substitute for db_query() when a subset of the query
@@ -295,8 +137,6 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
$query .= ' LIMIT '. (int)$count .' OFFSET '. (int)$from;
return _db_query($query);
}
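Review bot: `return _db_query($query);` no longer passes the query arguments. The removed lines were what substituted `$args` into the SQL, and the new `_db_query($query, $args, $debug = 0)` in includes/database.inc expects them as its second parameter, so the `?` placeholders stay unbound. It should read `return _db_query($query, $args);`. The next hunk (`@@ -342,46 +182,10 @@`) leaves the same call behind. The function starts outside this hunk, so how `$args` is assembled is not visible here.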
@@ -342,46 +182,10 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
return _db_query($query);
}
/**
- * Returns a properly formatted Binary Large OBject value.
- * In case of PostgreSQL encodes data for insert into bytea field.
- *
- * @param $data
- * Data to encode.
- * @return
- * Encoded data.
- */
-function db_encode_blob($data) {
- return "'". pg_escape_bytea($data) ."'";
-}
-
-/**
- * Returns text from a Binary Large OBject value.
- * In case of PostgreSQL decodes data after select from bytea field.
- *
- * @param $data
- * Data to decode.
- * @return
- * Decoded data.
- */
-function db_decode_blob($data) {
- return pg_unescape_bytea($data);
-}
-
-/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- * Note: This function requires PostgreSQL 7.2 or later.
- */
-function db_escape_string($text) {
- return pg_escape_string($text);
-}
-
-/**
* Lock a table.
* This function automatically starts a transaction.
*/
@@ -700,7 +504,7 @@
$ret[] = update_sql($query);
if (isset($spec['initial'])) {
// All this because update_sql does not support %-placeholders.
- $sql = 'UPDATE {'. $table .'} SET '. $field .' = '. db_type_placeholder($spec['type']);
+ $sql = 'UPDATE {'. $table .'} SET '. $field .' = ?';
$result = db_query($sql, $spec['initial']);
$ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql .' ('. $spec['initial'] .')'));
}
Index: includes/module.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/module.inc,v
retrieving revision 1.111
diff -u -r1.111 module.inc
--- includes/module.inc 4 Sep 2007 21:10:45 -0000 1.111
+++ includes/module.inc 5 Oct 2007 07:23:45 -0000
@@ -138,13 +138,13 @@
// Update the contents of the system table:
if (isset($file->status) || (isset($file->old_filename) && $file->old_filename != $file->filename)) {
- db_query("UPDATE {system} SET info = '%s', name = '%s', filename = '%s', bootstrap = %d WHERE filename = '%s'", serialize($files[$filename]->info), $file->name, $file->filename, $bootstrap, $file->old_filename);
+ db_query("UPDATE {system} SET info = ?, name = ?, filename = ?, bootstrap = ? WHERE filename = ?", serialize($files[$filename]->info), $file->name, $file->filename, $bootstrap, $file->old_filename);
}
else {
// This is a new module.
$files[$filename]->status = 0;
$files[$filename]->throttle = 0;
- db_query("INSERT INTO {system} (name, info, type, filename, status, throttle, bootstrap) VALUES ('%s', '%s', '%s', '%s', %d, %d, %d)", $file->name, serialize($files[$filename]->info), 'module', $file->filename, 0, 0, $bootstrap);
+ db_query("INSERT INTO {system} (name, info, type, filename, status, throttle, bootstrap) VALUES (?, ?, ?, ?, ?, ?, ?)", $file->name, serialize($files[$filename]->info), 'module', $file->filename, 0, 0, $bootstrap);
}
}
$files = _module_build_dependents($files);
@@ -242,10 +242,10 @@
function module_enable($module_list) {
$invoke_modules = array();
foreach ($module_list as $module) {
- $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = '%s' AND name = '%s'", 'module', $module));
+ $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = ? AND name = ?", 'module', $module));
if ($existing->status == 0) {
module_load_install($module);
- db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 1, 0, 'module', $module);
+ db_query("UPDATE {system} SET status = ?, throttle = ? WHERE type = ? AND name = ?", 1, 0, 'module', $module);
drupal_load('module', $module);
$invoke_modules[] = $module;
}
@@ -284,7 +284,7 @@
module_load_install($module);
module_invoke($module, 'disable');
- db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 0, 0, 'module', $module);
+ db_query("UPDATE {system} SET status = ?, throttle = ? WHERE type = ? AND name = ?", 0, 0, 'module', $module);
$invoke_modules[] = $module;
}
}
Index: includes/cache.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/cache.inc,v
retrieving revision 1.14
diff -u -r1.14 cache.inc
--- includes/cache.inc 26 Aug 2007 09:33:49 -0000 1.14
+++ includes/cache.inc 5 Oct 2007 07:23:43 -0000
@@ -18,16 +18,15 @@
$cache_flush = variable_get('cache_flush', 0);
if ($cache_flush && ($cache_flush + variable_get('cache_lifetime', 0) <= time())) {
// Time to flush old cache data
- db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire <= %d", CACHE_PERMANENT, $cache_flush);
+ db_query("DELETE FROM {". $table ."} WHERE expire != ? AND expire <= ?", CACHE_PERMANENT, $cache_flush);
variable_set('cache_flush', 0);
}
- $cache = db_fetch_object(db_query("SELECT data, created, headers, expire, serialized FROM {". $table ."} WHERE cid = '%s'", $cid));
+ $cache = db_fetch_object(db_query("SELECT data, created, headers, expire, serialized FROM {". $table ."} WHERE cid = ?", $cid));
if (isset($cache->data)) {
// If the data is permanent or we're not enforcing a minimum cache lifetime
// always return the cached data.
if ($cache->expire == CACHE_PERMANENT || !variable_get('cache_lifetime', 0)) {
- $cache->data = db_decode_blob($cache->data);
if ($cache->serialized) {
$cache->data = unserialize($cache->data);
}
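Review bot: With `db_decode_blob()` removed, `unserialize($cache->data)` receives whatever the PDO driver returns for the blob column; as far as I know pdo_pgsql hands bytea columns back as a stream resource rather than a string, in which case `unserialize()` fails and every cache read becomes a miss. Normalising the value first, `$data = is_resource($cache->data) ? stream_get_contents($cache->data) : $cache->data;`, would cover both drivers. The hunk at `@@ -43,7 +42,6 @@` drops the same call, and the `%b` to `?` change at `@@ -105,9 +103,9 @@` binds `$data` through `execute()` as a plain string, which may need `PDO::PARAM_LOB` for binary content. The function starts outside this hunk.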
@@ -43,7 +42,6 @@
return 0;
}
else {
- $cache->data = db_decode_blob($cache->data);
if ($cache->serialized) {
$cache->data = unserialize($cache->data);
}
@@ -105,9 +103,9 @@
$serialized = 1;
}
$created = time();
- db_query("UPDATE {". $table ."} SET data = %b, created = %d, expire = %d, headers = '%s', serialized = %d WHERE cid = '%s'", $data, $created, $expire, $headers, $serialized, $cid);
- if (!db_affected_rows()) {
- @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES ('%s', %b, %d, %d, '%s', %d)", $cid, $data, $created, $expire, $headers, $serialized);
+ $result = db_query("UPDATE {". $table ."} SET data = ?, created = ?, expire = ?, headers = ?, serialized = ? WHERE cid = ?", $data, $created, $expire, $headers, $serialized, $cid);
+ if (!db_affected_rows($result)) {
+ @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES (?, ?, ?, ?, ?, ?)", $cid, $data, $created, $expire, $headers, $serialized);
}
}
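Review bot: `db_affected_rows($result)` is called without checking `$result`. `db_query()` returns FALSE when the statement throws, and the new `db_affected_rows()` calls `$result->rowCount()` with no guard, so a failed UPDATE becomes a fatal error instead of falling through to the INSERT. `if (!$result || !db_affected_rows($result)) {` keeps the previous behaviour. The function starts outside this hunk.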
@@ -154,13 +152,13 @@
else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) {
// Clear the cache for everyone, cache_flush_delay seconds have
// passed since the first request to clear the cache.
- db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
+ db_query("DELETE FROM {". $table ."} WHERE expire != ? AND expire < ?", CACHE_PERMANENT, time());
variable_set('cache_flush', 0);
}
}
else {
// No minimum cache lifetime, flush all temporary cache entries now.
- db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
+ db_query("DELETE FROM {". $table ."} WHERE expire != ? AND expire < ?", CACHE_PERMANENT, time());
}
}
else {
@@ -173,7 +171,7 @@
}
}
else {
- db_query("DELETE FROM {". $table ."} WHERE cid = '%s'", $cid);
+ db_query("DELETE FROM {". $table ."} WHERE cid = ?", $cid);
}
}
}
Index: includes/locale.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/locale.inc,v
retrieving revision 1.154
diff -u -r1.154 locale.inc
--- includes/locale.inc 4 Sep 2007 21:10:45 -0000 1.154
+++ includes/locale.inc 5 Oct 2007 07:23:45 -0000
@@ -114,7 +114,7 @@
$language->enabled = 0;
}
$language->weight = $form_state['values']['weight'][$langcode];
- db_query("UPDATE {languages} SET enabled = %d, weight = %d WHERE language = '%s'", $language->enabled, $language->weight, $langcode);
+ db_query("UPDATE {languages} SET enabled = ?, weight = ? WHERE language = ?", $language->enabled, $language->weight, $langcode);
$languages[$langcode] = $language;
}
drupal_set_message(t('Configuration saved.'));
@@ -193,7 +193,7 @@
* Language code of the language to edit.
*/
function locale_languages_edit_form(&$form_state, $langcode) {
- if ($language = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = '%s'", $langcode))) {
+ if ($language = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = ?", $langcode))) {
$form = array();
_locale_languages_common_controls($form, $language);
$form['submit'] = array(
@@ -285,7 +285,7 @@
function locale_languages_predefined_form_validate($form, &$form_state) {
$langcode = $form_state['values']['langcode'];
- if ($duplicate = db_result(db_query("SELECT COUNT(*) FROM {languages} WHERE language = '%s'", $langcode)) != 0) {
+ if ($duplicate = db_result(db_query("SELECT COUNT(*) FROM {languages} WHERE language = ?", $langcode)) != 0) {
form_set_error('langcode', t('The language %language (%code) already exists.', array('%language' => $form_state['values']['name'], '%code' => $langcode)));
}
@@ -336,13 +336,13 @@
if (!empty($form_state['values']['domain']) && !empty($form_state['values']['prefix'])) {
form_set_error('prefix', t('Domain and path prefix values should not be set at the same time.'));
}
- if (!empty($form_state['values']['domain']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE domain = '%s' AND language != '%s'", $form_state['values']['domain'], $form_state['values']['langcode']))) {
+ if (!empty($form_state['values']['domain']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE domain = ? AND language != ?", $form_state['values']['domain'], $form_state['values']['langcode']))) {
form_set_error('domain', t('The domain (%domain) is already tied to a language (%language).', array('%domain' => $form_state['values']['domain'], '%language' => $duplicate->language)));
}
if (empty($form_state['values']['prefix']) && language_default('language') != $form_state['values']['langcode'] && empty($form_state['values']['domain'])) {
form_set_error('prefix', t('Only the default language can have both the domain and prefix empty.'));
}
- if (!empty($form_state['values']['prefix']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE prefix = '%s' AND language != '%s'", $form_state['values']['prefix'], $form_state['values']['langcode']))) {
+ if (!empty($form_state['values']['prefix']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE prefix = ? AND language != ?", $form_state['values']['prefix'], $form_state['values']['langcode']))) {
form_set_error('prefix', t('The prefix (%prefix) is already tied to a language (%language).', array('%prefix' => $form_state['values']['prefix'], '%language' => $duplicate->language)));
}
}
@@ -351,7 +351,7 @@
* Process the language editing form submission.
*/
function locale_languages_edit_form_submit($form, &$form_state) {
- db_query("UPDATE {languages} SET name = '%s', native = '%s', domain = '%s', prefix = '%s', direction = %d WHERE language = '%s'", $form_state['values']['name'], $form_state['values']['native'], $form_state['values']['domain'], $form_state['values']['prefix'], $form_state['values']['direction'], $form_state['values']['langcode']);
+ db_query("UPDATE {languages} SET name = ?, native = ?, domain = ?, prefix = ?, direction = ? WHERE language = ?", $form_state['values']['name'], $form_state['values']['native'], $form_state['values']['domain'], $form_state['values']['prefix'], $form_state['values']['direction'], $form_state['values']['langcode']);
$default = language_default();
if ($default->language == $form_state['values']['langcode']) {
$properties = array('name', 'native', 'direction', 'enabled', 'plurals', 'formula', 'domain', 'prefix', 'weight');
@@ -408,9 +408,9 @@
function locale_languages_delete_form_submit($form, &$form_state) {
$languages = language_list();
if (isset($languages[$form_state['values']['langcode']])) {
- db_query("DELETE FROM {languages} WHERE language = '%s'", $form_state['values']['langcode']);
- db_query("DELETE FROM {locales_target} WHERE language = '%s'", $form_state['values']['langcode']);
- db_query("UPDATE {node} SET language = '' WHERE language = '%s'", $form_state['values']['langcode']);
+ db_query("DELETE FROM {languages} WHERE language = ?", $form_state['values']['langcode']);
+ db_query("DELETE FROM {locales_target} WHERE language = ?", $form_state['values']['langcode']);
+ db_query("UPDATE {node} SET language = '' WHERE language = ?", $form_state['values']['langcode']);
$variables = array('%locale' => $languages[$form_state['values']['langcode']]->name);
drupal_set_message(t('The language %locale has been removed.', $variables));
watchdog('locale', 'The language %locale has been removed.', $variables);
@@ -755,7 +755,7 @@
*/
function locale_translate_edit_form(&$form_state, $lid) {
// Fetch source string, if possible.
- $source = db_fetch_object(db_query('SELECT source, textgroup, location FROM {locales_source} WHERE lid = %d', $lid));
+ $source = db_fetch_object(db_query('SELECT source, textgroup, location FROM {locales_source} WHERE lid = ?', $lid));
if (!$source) {
drupal_set_message(t('String not found.'), 'error');
drupal_goto('admin/build/translate/search');
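Review bot: Replacing `%d` with `?` in `WHERE lid = ?` drops the integer coercion the old placeholder presumably applied, so `$lid`, a parameter of this form callback, now reaches the database layer as given. How the new `db_query()` types bound values is not visible in this diff; if it binds strings as-is, a non-numeric `lid` could raise a type error on a strict engine instead of simply matching no row. Casting at the call, `db_query('SELECT source, textgroup, location FROM {locales_source} WHERE lid = ?', (int) $lid)`, keeps the earlier behaviour. The same applies to `locale_translate_delete($lid)` and the other `%d` conversions in this file. The function body continues outside the hunk.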
@@ -802,7 +802,7 @@
}
// Fetch translations and fill in default values in the form.
- $result = db_query("SELECT DISTINCT translation, language FROM {locales_target} WHERE lid = %d AND language != '%s'", $lid, $omit);
+ $result = db_query("SELECT DISTINCT translation, language FROM {locales_target} WHERE lid = ? AND language != ?", $lid, $omit);
while ($translation = db_fetch_object($result)) {
$form['translations'][$translation->language]['#default_value'] = $translation->translation;
}
@@ -818,19 +818,19 @@
function locale_translate_edit_form_submit($form, &$form_state) {
$lid = $form_state['values']['lid'];
foreach ($form_state['values']['translations'] as $key => $value) {
- $translation = db_result(db_query("SELECT translation FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $key));
+ $translation = db_result(db_query("SELECT translation FROM {locales_target} WHERE lid = ? AND language = ?", $lid, $key));
if (!empty($value)) {
// Only update or insert if we have a value to use.
if (!empty($translation)) {
- db_query("UPDATE {locales_target} SET translation = '%s' WHERE lid = %d AND language = '%s'", $value, $lid, $key);
+ db_query("UPDATE {locales_target} SET translation = ? WHERE lid = ? AND language = ?", $value, $lid, $key);
}
else {
- db_query("INSERT INTO {locales_target} (lid, translation, language) VALUES (%d, '%s', '%s')", $lid, $value, $key);
+ db_query("INSERT INTO {locales_target} (lid, translation, language) VALUES (?, ?, ?)", $lid, $value, $key);
}
}
elseif (!empty($translation)) {
// Empty translation entered: remove existing entry from database.
- db_query("DELETE FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $key);
+ db_query("DELETE FROM {locales_target} WHERE lid = ? AND language = ?", $lid, $key);
}
// Refresh the JS file for this language.
@@ -858,9 +858,9 @@
* Delete a language string.
*/
function locale_translate_delete($lid) {
- $langcode = db_result(db_query('SELECT language FROM {locales_target} WHERE lid = %d', $lid));
- db_query('DELETE FROM {locales_source} WHERE lid = %d', $lid);
- db_query('DELETE FROM {locales_target} WHERE lid = %d', $lid);
+ $langcode = db_result(db_query('SELECT language FROM {locales_target} WHERE lid = ?', $lid));
+ db_query('DELETE FROM {locales_source} WHERE lid = ?', $lid);
+ db_query('DELETE FROM {locales_target} WHERE lid = ?', $lid);
if ($langcode) {
_locale_rebuild_js($langcode);
}
@@ -913,7 +913,7 @@
$direction = isset($predefined[$langcode][2]) ? $predefined[$langcode][2] : LANGUAGE_LTR;
}
- db_query("INSERT INTO {languages} (language, name, native, direction, domain, prefix, enabled) VALUES ('%s', '%s', '%s', %d, '%s', '%s', %d)", $langcode, $name, $native, $direction, $domain, $prefix, $enabled);
+ db_query("INSERT INTO {languages} (language, name, native, direction, domain, prefix, enabled) VALUES (?, ?, ?, ?, ?, ?, ?)", $langcode, $name, $native, $direction, $domain, $prefix, $enabled);
// Only set it as default if enabled.
if ($enabled && $default) {
@@ -955,7 +955,7 @@
}
// Check if we have the language already in the database.
- if (!db_fetch_object(db_query("SELECT language FROM {languages} WHERE language = '%s'", $langcode))) {
+ if (!db_fetch_object(db_query("SELECT language FROM {languages} WHERE language = ?", $langcode))) {
drupal_set_message(t('The language selected for import is not supported.'), 'error');
return FALSE;
}
@@ -1195,10 +1195,10 @@
// Get the plural formula and update in database.
if (isset($header["Plural-Forms"]) && $p = _locale_import_parse_plural_forms($header["Plural-Forms"], $file->filename)) {
list($nplurals, $plural) = $p;
- db_query("UPDATE {languages} SET plurals = %d, formula = '%s' WHERE language = '%s'", $nplurals, $plural, $lang);
+ db_query("UPDATE {languages} SET plurals = ?, formula = ? WHERE language = ?", $nplurals, $plural, $lang);
}
else {
- db_query("UPDATE {languages} SET plurals = %d, formula = '%s' WHERE language = '%s'", 0, '', $lang);
+ db_query("UPDATE {languages} SET plurals = ?, formula = ? WHERE language = ?", 0, '', $lang);
}
$headerdone = TRUE;
}
@@ -1260,35 +1260,35 @@
* The string ID of the existing string modified or the new string added.
*/
function _locale_import_one_string_db(&$report, $langcode, $source, $translation, $textgroup, $location, $mode, $plid = NULL, $plural = NULL) {
- $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup));
+ $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = ? AND textgroup = ?", $source, $textgroup));
if (!empty($translation)) {
if ($lid) {
// We have this source string saved already.
- db_query("UPDATE {locales_source} SET location = '%s' WHERE lid = %d", $location, $lid);
- $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $langcode));
+ db_query("UPDATE {locales_source} SET location = ? WHERE lid = ?", $location, $lid);
+ $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = ? AND language = ?", $lid, $langcode));
if (!$exists) {
// No translation in this language.
- db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural);
+ db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (?, ?, ?, ?, ?)", $lid, $langcode, $translation, $plid, $plural);
$report[0]++;
}
else if ($mode == LOCALE_IMPORT_OVERWRITE) {
// Translation exists, only overwrite if instructed.
- db_query("UPDATE {locales_target} SET translation = '%s', plid = %d, plural = %d WHERE language = '%s' AND lid = %d", $translation, $plid, $plural, $langcode, $lid);
+ db_query("UPDATE {locales_target} SET translation = ?, plid = ?, plural = ? WHERE language = ? AND lid = ?", $translation, $plid, $plural, $langcode, $lid);
$report[1]++;
}
}
else {
// No such source string in the database yet.
- db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', '%s')", $location, $source, $textgroup);
- $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup));
- db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES (?, ?, ?)", $location, $source, $textgroup);
+ $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = ? AND textgroup = ?", $source, $textgroup));
+ db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (?, ?, ?, ?, ?)", $lid, $langcode, $translation, $plid, $plural);
$report[0]++;
}
}
elseif ($mode == LOCALE_IMPORT_OVERWRITE) {
// Empty translation, remove existing if instructed.
- db_query("DELETE FROM {locales_target} WHERE language = '%s' AND lid = %d AND plid = %d AND plural = %d", $translation, $langcode, $lid, $plid, $plural);
+ db_query("DELETE FROM {locales_target} WHERE language = ? AND lid = ? AND plid = ? AND plural = ?", $translation, $langcode, $lid, $plid, $plural);
$report[2]++;
}
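Review bot: The DELETE in the `LOCALE_IMPORT_OVERWRITE` branch has four `?` placeholders but is passed five values (`$translation, $langcode, $lid, $plid, $plural`), so `language` is compared with the empty `$translation` and every later value is shifted by one. A positional binding layer would typically reject the count mismatch or delete nothing. Dropping the first argument fixes it: `db_query("DELETE FROM {locales_target} WHERE language = ? AND lid = ? AND plid = ? AND plural = ?", $langcode, $lid, $plid, $plural);`. Separately, `$plid` and `$plural` default to `NULL`, which `%d` would presumably have turned into 0; if the new layer binds them as NULL (not visible here), `plid = ?` never matches and the INSERTs store NULL. The end of the function lies outside the hunk.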
@@ -1664,7 +1664,7 @@
// Remove the quotes and string concatenations from the string.
$string = implode('', preg_split('~(?lid);
+ db_query("UPDATE {locales_source} SET location = ? WHERE lid = ?", $locations, $source->lid);
}
}
else {
// We don't have the source string yet, thus we insert it into the database.
- db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', 'default')", $filepath, $string);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES (?, ?, 'default')", $filepath, $string);
}
}
}
@@ -1704,10 +1704,10 @@
*/
function _locale_export_get_strings($language = NULL, $group = 'default') {
if (isset($language)) {
- $result = db_query("SELECT s.lid, s.source, s.location, t.translation, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.textgroup = '%s' ORDER BY t.plid, t.plural", $language->language, $group);
+ $result = db_query("SELECT s.lid, s.source, s.location, t.translation, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = ? WHERE s.textgroup = ? ORDER BY t.plid, t.plural", $language->language, $group);
}
else {
- $result = db_query("SELECT s.lid, s.source, s.location, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid WHERE s.textgroup = '%s' ORDER BY t.plid, t.plural", $group);
+ $result = db_query("SELECT s.lid, s.source, s.location, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid WHERE s.textgroup = ? ORDER BY t.plid, t.plural", $group);
}
$strings = array();
while ($child = db_fetch_object($result)) {
@@ -1961,7 +1961,7 @@
}
$grouplimit = '';
if (!empty($query['group']) && $query['group'] != 'all') {
- $grouplimit = " AND s.textgroup = '%s'";
+ $grouplimit = " AND s.textgroup = ?";
$arguments[] = $query['group'];
}
@@ -1980,7 +1980,7 @@
break;
// Some different language
default:
- $sql = "$join AND t.language = '%s' $where $grouplimit $orderby";
+ $sql = "$join AND t.language = ? $where $grouplimit $orderby";
array_unshift($arguments, $query['language']);
// Don't show translation flags for other languages, we can't see them with this search.
$limit_language = $query['language'];
@@ -2057,7 +2057,7 @@
// Construct the array for JavaScript translations.
// We sort on plural so that we have all plural forms before singular forms.
- $result = db_query("SELECT s.lid, s.source, t.plid, t.plural, t.translation FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.location LIKE '%%.js%%' AND s.textgroup = 'default' ORDER BY t.plural DESC", $language->language);
+ $result = db_query("SELECT s.lid, s.source, t.plid, t.plural, t.translation FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = ? WHERE s.location LIKE '%%.js%%' AND s.textgroup = 'default' ORDER BY t.plural DESC", $language->language);
$translations = $plurals = array();
while ($data = db_fetch_object($result)) {
@@ -2124,14 +2124,14 @@
$language->javascript = $filepath ? $data_hash : '';
// Save the new JavaScript hash.
- db_query("UPDATE {languages} SET javascript = '%s' WHERE language = '%s'", $language->javascript, $language->language);
+ db_query("UPDATE {languages} SET javascript = ? WHERE language = ?", $language->javascript, $language->language);
// Update the default language variable if the default language has been altered.
// This is necessary to keep the variable consistent with the database
// version of the language and to prevent checking against an outdated hash.
$default_langcode = language_default('language');
if ($default_langcode == $language->language) {
- $default = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = '%s'", $default_langcode));
+ $default = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = ?", $default_langcode));
variable_set('language_default', $default);
}
@@ -2156,7 +2156,7 @@
elseif (!empty($language->javascript)) {
// Delete the old JavaScript file
file_delete(file_create_path(variable_get('locale_js_directory', 'languages') .'/'. $language->language .'_'. $language->javascript .'.js'));
- db_query("UPDATE {languages} SET javascript = '' WHERE language = '%s'", $language->language);
+ db_query("UPDATE {languages} SET javascript = '' WHERE language = ?", $language->language);
watchdog('locale', 'Deleted JavaScript translation file for the locale %language.', array('%language' => t($language->name)));
}
}
Index: includes/install.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/install.inc,v
retrieving revision 1.48
diff -u -r1.48 install.inc
--- includes/install.inc 7 Sep 2007 10:48:24 -0000 1.48
+++ includes/install.inc 5 Oct 2007 07:23:44 -0000
@@ -70,7 +70,7 @@
if (!$versions) {
$versions = array();
- $result = db_query("SELECT name, schema_version FROM {system} WHERE type = '%s'", 'module');
+ $result = db_query("SELECT name, schema_version FROM {system} WHERE type = ?", 'module');
while ($row = db_fetch_object($result)) {
$versions[$row->name] = $row->schema_version;
}
@@ -88,7 +88,7 @@
* The new schema version.
*/
function drupal_set_installed_schema_version($module, $version) {
- db_query("UPDATE {system} SET schema_version = %d WHERE name = '%s'", $version, $module);
+ db_query("UPDATE {system} SET schema_version = ? WHERE name = ?", $version, $module);
}
/**
@@ -144,7 +144,7 @@
function drupal_detect_database_types() {
$databases = array();
- foreach (array('mysql', 'mysqli', 'pgsql') as $type) {
+ foreach (array('mysql', 'pgsql') as $type) {
if (file_exists('./includes/install.'. $type .'.inc')) {
include_once './includes/install.'. $type .'.inc';
$function = $type .'_is_available';
@@ -312,7 +312,7 @@
module_invoke('system', 'install');
$system_versions = drupal_get_schema_versions('system');
$system_version = $system_versions ? max($system_versions) : SCHEMA_INSTALLED;
- db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES('%s', '%s', '%s', '%s', %d, %d, %d, %d)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version);
+ db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES(?, ?, ?, ?, ?, ?, ?, ?)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version);
// Now that we've installed things properly, bootstrap the full Drupal environment
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
@@ -369,7 +369,7 @@
}
$paths[$index] = implode('/', $parts);
}
- $placeholders = implode(', ', array_fill(0, count($paths), "'%s'"));
+ $placeholders = implode(', ', array_fill(0, count($paths), '?'));
$result = db_query('SELECT * FROM {menu_links} WHERE router_path IN ('. $placeholders .') AND external = 0 ORDER BY depth DESC', $paths);
// Remove all such items. Starting from those with the greatest depth will
Index: includes/database.mysql-common.inc
===================================================================
RCS file: includes/database.mysql-common.inc
diff -N includes/database.mysql-common.inc
--- includes/database.mysql-common.inc 2 Oct 2007 16:15:56 -0000 1.13
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,532 +0,0 @@
- $field) {
- $sql .= _db_create_field_sql($field_name, _db_process_field($field)) .", \n";
- }
-
- // Process keys & indexes.
- $keys = _db_create_keys_sql($table);
- if (count($keys)) {
- $sql .= implode(", \n", $keys) .", \n";
- }
-
- // Remove the last comma and space.
- $sql = substr($sql, 0, -3) ."\n) ";
-
- $sql .= $table['mysql_suffix'];
-
- return array($sql);
-}
-
-function _db_create_keys_sql($spec) {
- $keys = array();
-
- if (!empty($spec['primary key'])) {
- $keys[] = 'PRIMARY KEY ('. _db_create_key_sql($spec['primary key']) .')';
- }
- if (!empty($spec['unique keys'])) {
- foreach ($spec['unique keys'] as $key => $fields) {
- $keys[] = 'UNIQUE KEY '. $key .' ('. _db_create_key_sql($fields) .')';
- }
- }
- if (!empty($spec['indexes'])) {
- foreach ($spec['indexes'] as $index => $fields) {
- $keys[] = 'INDEX '. $index .' ('. _db_create_key_sql($fields) .')';
- }
- }
-
- return $keys;
-}
-
-function _db_create_key_sql($fields) {
- $ret = array();
- foreach ($fields as $field) {
- if (is_array($field)) {
- $ret[] = $field[0] .'('. $field[1] .')';
- }
- else {
- $ret[] = $field;
- }
- }
- return implode(', ', $ret);
-}
-
-/**
- * Set database-engine specific properties for a field.
- *
- * @param $field
- * A field description array, as specified in the schema documentation.
- */
-function _db_process_field($field) {
-
- if (!isset($field['size'])) {
- $field['size'] = 'normal';
- }
-
- // Set the correct database-engine specific datatype.
- if (!isset($field['mysql_type'])) {
- $map = db_type_map();
- $field['mysql_type'] = $map[$field['type'] .':'. $field['size']];
- }
-
- if ($field['type'] == 'serial') {
- $field['auto_increment'] = TRUE;
- }
-
- return $field;
-}
-
-/**
- * Create an SQL string for a field to be used in table creation or alteration.
- *
- * Before passing a field out of a schema definition into this function it has
- * to be processed by _db_process_field().
- *
- * @param $name
- * Name of the field.
- * @param $spec
- * The field specification, as per the schema data structure format.
- */
-function _db_create_field_sql($name, $spec) {
- $sql = "`". $name ."` ". $spec['mysql_type'];
-
- if (isset($spec['length'])) {
- $sql .= '('. $spec['length'] .')';
- }
- elseif (isset($spec['precision']) && isset($spec['scale'])) {
- $sql .= '('. $spec['scale'] .', '. $spec['precision'] .')';
- }
-
- if (!empty($spec['unsigned'])) {
- $sql .= ' unsigned';
- }
-
- if (!empty($spec['not null'])) {
- $sql .= ' NOT NULL';
- }
-
- if (!empty($spec['auto_increment'])) {
- $sql .= ' auto_increment';
- }
-
- if (isset($spec['default'])) {
- if (is_string($spec['default'])) {
- $spec['default'] = "'". $spec['default'] ."'";
- }
- $sql .= ' DEFAULT '. $spec['default'];
- }
-
- if (empty($spec['not null']) && !isset($spec['default'])) {
- $sql .= ' DEFAULT NULL';
- }
-
- return $sql;
-}
-
-/**
- * This maps a generic data type in combination with its data size
- * to the engine-specific data type.
- */
-function db_type_map() {
- // Put :normal last so it gets preserved by array_flip. This makes
- // it much easier for modules (such as schema.module) to map
- // database types back into schema types.
- $map = array(
- 'varchar:normal' => 'VARCHAR',
-
- 'text:tiny' => 'SMALLTEXT',
- 'text:small' => 'SMALLTEXT',
- 'text:medium' => 'MEDIUMTEXT',
- 'text:big' => 'LONGTEXT',
- 'text:normal' => 'TEXT',
-
- 'serial:tiny' => 'TINYINT',
- 'serial:small' => 'SMALLINT',
- 'serial:medium' => 'MEDIUMINT',
- 'serial:big' => 'BIGINT',
- 'serial:normal' => 'INT',
-
- 'int:tiny' => 'TINYINT',
- 'int:small' => 'SMALLINT',
- 'int:medium' => 'MEDIUMINT',
- 'int:big' => 'BIGINT',
- 'int:normal' => 'INT',
-
- 'float:tiny' => 'FLOAT',
- 'float:small' => 'FLOAT',
- 'float:medium' => 'FLOAT',
- 'float:big' => 'DOUBLE',
- 'float:normal' => 'FLOAT',
-
- 'numeric:normal' => 'NUMERIC',
-
- 'blob:big' => 'LONGBLOB',
- 'blob:normal' => 'BLOB',
-
- 'datetime:normal' => 'DATETIME',
- );
- return $map;
-}
-
-/**
- * Rename a table.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be renamed.
- * @param $new_name
- * The new name for the table.
- */
-function db_rename_table(&$ret, $table, $new_name) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} RENAME TO {'. $new_name .'}');
-}
-
-/**
- * Drop a table.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be dropped.
- */
-function db_drop_table(&$ret, $table) {
- $ret[] = update_sql('DROP TABLE {'. $table .'}');
-}
-
-/**
- * Add a new field to a table.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * Name of the table to be altered.
- * @param $field
- * Name of the field to be added.
- * @param $spec
- * The field specification array, as taken from a schema definition.
- * The specification may also contain the key 'initial', the newly
- * created field will be set to the value of the key in all rows.
- * This is most useful for creating NOT NULL columns with no default
- * value in existing tables.
- * @param $keys_new
- * Optional keys and indexes specification to be created on the
- * table along with adding the field. The format is the same as a
- * table specification but without the 'fields' element. If you are
- * adding a type 'serial' field, you MUST specify at least one key
- * or index including it in this array. @see db_change_field for more
- * explanation why.
- */
-function db_add_field(&$ret, $table, $field, $spec, $keys_new = array()) {
- $fixnull = FALSE;
- if (!empty($spec['not null']) && !isset($spec['default'])) {
- $fixnull = TRUE;
- $spec['not null'] = FALSE;
- }
- $query = 'ALTER TABLE {'. $table .'} ADD ';
- $query .= _db_create_field_sql($field, _db_process_field($spec));
- if (count($keys_new)) {
- $query .= ', ADD '. implode(', ADD ', _db_create_keys_sql($keys_new));
- }
- $ret[] = update_sql($query);
- if (isset($spec['initial'])) {
- // All this because update_sql does not support %-placeholders.
- $sql = 'UPDATE {'. $table .'} SET '. $field .' = '. db_type_placeholder($spec['type']);
- $result = db_query($sql, $spec['initial']);
- $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql .' ('. $spec['initial'] .')'));
- }
- if ($fixnull) {
- $spec['not null'] = TRUE;
- db_change_field($ret, $table, $field, $field, $spec);
- }
-}
-
-/**
- * Drop a field.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $field
- * The field to be dropped.
- */
-function db_drop_field(&$ret, $table, $field) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP '. $field);
-}
-
-/**
- * Set the default value for a field.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $field
- * The field to be altered.
- * @param $default
- * Default value to be set. NULL for 'default NULL'.
- */
-function db_field_set_default(&$ret, $table, $field, $default) {
- if ($default == NULL) {
- $default = 'NULL';
- }
- else {
- $default = is_string($default) ? "'$default'" : $default;
- }
-
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ALTER COLUMN '. $field .' SET DEFAULT '. $default);
-}
-
-/**
- * Set a field to have no default value.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $field
- * The field to be altered.
- */
-function db_field_set_no_default(&$ret, $table, $field) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ALTER COLUMN '. $field .' DROP DEFAULT');
-}
-
-/**
- * Add a primary key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $fields
- * Fields for the primary key.
- */
-function db_add_primary_key(&$ret, $table, $fields) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ADD PRIMARY KEY ('.
- _db_create_key_sql($fields) .')');
-}
-
-/**
- * Drop the primary key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- */
-function db_drop_primary_key(&$ret, $table) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP PRIMARY KEY');
-}
-
-/**
- * Add a unique key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the key.
- * @param $fields
- * An array of field names.
- */
-function db_add_unique_key(&$ret, $table, $name, $fields) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} ADD UNIQUE KEY '.
- $name .' ('. _db_create_key_sql($fields) .')');
-}
-
-/**
- * Drop a unique key.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the key.
- */
-function db_drop_unique_key(&$ret, $table, $name) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP KEY '. $name);
-}
-
-/**
- * Add an index.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the index.
- * @param $fields
- * An array of field names.
- */
-function db_add_index(&$ret, $table, $name, $fields) {
- $query = 'ALTER TABLE {'. $table .'} ADD INDEX '. $name .' ('. _db_create_key_sql($fields) .')';
- $ret[] = update_sql($query);
-}
-
-/**
- * Drop an index.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * The table to be altered.
- * @param $name
- * The name of the index.
- */
-function db_drop_index(&$ret, $table, $name) {
- $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP INDEX '. $name);
-}
-
-/**
- * Change a field definition.
- *
- * IMPORTANT NOTE: To maintain database portability, you have to explicitly
- * recreate all indices and primary keys that are using the changed field.
- *
- * That means that you have to drop all affected keys and indexes with
- * db_drop_{primary_key,unique_key,index}() before calling db_change_field().
- * To recreate the keys and indices, pass the key definitions as the
- * optional $keys_new argument directly to db_change_field().
- *
- * For example, suppose you have:
- * @code
- * $schema['foo'] = array(
- * 'fields' => array(
- * 'bar' => array('type' => 'int', 'not null' => TRUE)
- * ),
- * 'primary key' => array('bar')
- * );
- * @endcode
- * and you want to change foo.bar to be type serial, leaving it as the
- * primary key. The correct sequence is:
- * @code
- * db_drop_primary_key($ret, 'foo');
- * db_change_field($ret, 'foo', 'bar', 'bar',
- * array('type' => 'serial', 'not null' => TRUE),
- * array('primary key' => array('bar')));
- * @endcode
- *
- * The reasons for this are due to the different database engines:
- *
- * On PostgreSQL, changing a field definition involves adding a new field
- * and dropping an old one which* causes any indices, primary keys and
- * sequences (from serial-type fields) that use the changed field to be dropped.
- *
- * On MySQL, all type 'serial' fields must be part of at least one key
- * or index as soon as they are created. You cannot use
- * db_add_{primary_key,unique_key,index}() for this purpose because
- * the ALTER TABLE command will fail to add the column without a key
- * or index specification. The solution is to use the optional
- * $keys_new argument to create the key or index at the same time as
- * field.
- *
- * You could use db_add_{primary_key,unique_key,index}() in all cases
- * unless you are converting a field to be type serial. You can use
- * the $keys_new argument in all cases.
- *
- * @param $ret
- * Array to which query results will be added.
- * @param $table
- * Name of the table.
- * @param $field
- * Name of the field to change.
- * @param $field_new
- * New name for the field (set to the same as $field if you don't want to change the name).
- * @param $spec
- * The field specification for the new field.
- * @param $keys_new
- * Optional keys and indexes specification to be created on the
- * table along with changing the field. The format is the same as a
- * table specification but without the 'fields' element.
- */
-
-function db_change_field(&$ret, $table, $field, $field_new, $spec, $keys_new = array()) {
- $sql = 'ALTER TABLE {'. $table .'} CHANGE '. $field .' '.
- _db_create_field_sql($field_new, _db_process_field($spec));
- if (count($keys_new)) {
- $sql .= ', ADD '.implode(', ADD ', _db_create_keys_sql($keys_new));
- }
- $ret[] = update_sql($sql);
-}
-
-/**
- * Returns the last insert id.
- *
- * @param $table
- * The name of the table you inserted into.
- * @param $field
- * The name of the autoincrement field.
- */
-function db_last_insert_id($table, $field) {
- return db_result(db_query('SELECT LAST_INSERT_ID()'));
-}
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.192
diff -u -r1.192 bootstrap.inc
--- includes/bootstrap.inc 10 Sep 2007 12:19:11 -0000 1.192
+++ includes/bootstrap.inc 5 Oct 2007 07:23:43 -0000
@@ -385,7 +385,7 @@
// the database. This is required because this function is called both
// before we have a database connection (i.e. during installation) and
// when a database connection fails.
- elseif ($active_db && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = '%s' AND type = '%s'", $name, $type))) && file_exists($file))) {
+ elseif ($active_db && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = ? AND type = ?", $name, $type))) && file_exists($file))) {
$files[$type][$name] = $file;
}
else {
@@ -464,9 +464,9 @@
global $conf;
$serialized_value = serialize($value);
- db_query("UPDATE {variable} SET value = '%s' WHERE name = '%s'", $serialized_value, $name);
- if (!db_affected_rows()) {
- @db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, $serialized_value);
+ $result = db_query("UPDATE {variable} SET value = ? WHERE name = ?", $serialized_value, $name);
+ if (!db_affected_rows($result)) {
+ @db_query("INSERT INTO {variable} (name, value) VALUES (?, ?)", $name, $serialized_value);
}
cache_clear_all('variables', 'cache');
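Review bot: `db_affected_rows($result)` now decides whether the INSERT runs, but the driver part of this patch removes the `mysql_connect(..., TRUE, 2)` call whose flag 2 asked for found-rows semantics, and nothing visible in the new `_db_connect()` restores it. If the PDO connection reports changed rows only, re-saving an unchanged value makes the UPDATE report 0 and falls through to an INSERT that collides with the existing row. The `@` hides a warning, but it will not stop an exception if the connection is put in exception error mode. Consider passing `PDO::MYSQL_ATTR_FOUND_ROWS => TRUE` in the connection's driver options (it has to be given when the connection is constructed), and check `$result !== FALSE` before handing it to `db_affected_rows()`. The signature of the enclosing function is outside this hunk.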
@@ -483,7 +483,7 @@
function variable_del($name) {
global $conf;
- db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
+ db_query("DELETE FROM {variable} WHERE name = ?", $name);
cache_clear_all('variables', 'cache');
unset($conf[$name]);
@@ -710,7 +710,7 @@
*
* @see watchdog_severity_levels
*/
-function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NOTICE, $link = NULL) {
+function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NOTICE, $link = 'test') {
global $user, $base_root;
// Prepare the fields to be logged
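Review bot: The default for `$link` changes from `NULL` to the literal `'test'`, which looks like leftover debugging rather than part of the placeholder conversion. Every caller that omits the argument would now pass 'test' as the link of the log entry; how the value is stored is outside this hunk. Restore `$link = NULL` in the signature.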
@@ -825,7 +825,7 @@
// these, we return 1 (denied). If no matching records or only ones
// with status = 1, we get no return from db_result, so we return
// (bool)NULL = 0 (allowed).
- return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
+ return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = ? AND LOWER(?) LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
}
/**
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.388
diff -u -r1.388 theme.inc
--- includes/theme.inc 4 Oct 2007 19:24:50 -0000 1.388
+++ includes/theme.inc 5 Oct 2007 07:23:45 -0000
@@ -404,7 +404,7 @@
if (empty($list)) {
$list = array();
- $result = db_query("SELECT * FROM {system} WHERE type = '%s'", 'theme');
+ $result = db_query("SELECT * FROM {system} WHERE type = ?", 'theme');
while ($theme = db_fetch_object($result)) {
if (file_exists($theme->filename)) {
$theme->info = unserialize($theme->info);
@@ -451,7 +451,7 @@
if (!$list) {
$list = array();
- $result = db_query("SELECT * FROM {system} WHERE type = '%s' AND status = %d ORDER BY name", 'theme_engine', '1');
+ $result = db_query("SELECT * FROM {system} WHERE type = ? AND status = ? ORDER BY name", 'theme_engine', '1');
while ($engine = db_fetch_object($result)) {
if (file_exists($engine->filename)) {
$engine->info = unserialize($engine->info);
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.694
diff -u -r1.694 common.inc
--- includes/common.inc 4 Oct 2007 19:20:39 -0000 1.694
+++ includes/common.inc 5 Oct 2007 07:23:44 -0000
@@ -819,7 +819,7 @@
* The name of the event.
*/
function flood_register_event($name) {
- db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, ip_address(), time());
+ db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES (?, ?, ?)", $name, ip_address(), time());
}
/**
@@ -835,7 +835,7 @@
* True if the user did not exceed the hourly threshold. False otherwise.
*/
function flood_is_allowed($name, $threshold) {
- $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, ip_address(), time() - 3600));
+ $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = ? AND hostname = ? AND timestamp > ?", $name, ip_address(), time() - 3600));
return ($number < $threshold ? TRUE : FALSE);
}
@@ -3084,7 +3084,7 @@
// Build arrays for the fields, placeholders, and values in our query.
if (isset($object->$field)) {
$fields[] = $field;
- $placeholders[] = db_type_placeholder($info['type']);
+ $placeholders[] = '?';
if (empty($info['serialize'])) {
$values[] = $object->$field;
@@ -3111,7 +3111,7 @@
}
foreach ($update as $key){
- $conditions[] = "$key = ". db_type_placeholder($schema['fields'][$key]['type']);
+ $conditions[] = "$key = ?";
$values[] = $object->$key;
}
Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.42
diff -u -r1.42 session.inc
--- includes/session.inc 12 Aug 2007 15:55:35 -0000 1.42
+++ includes/session.inc 5 Oct 2007 07:23:45 -0000
@@ -29,7 +29,7 @@
}
// Otherwise, if the session is still active, we have a record of the client's session in the database.
- $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
+ $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = ?", $key));
// We found the client's session record and they are an authenticated user
if ($user && $user->uid > 0) {
@@ -39,7 +39,7 @@
// Add roles element to $user
$user->roles = array();
$user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
- $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);
+ $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = ?", $user->uid);
while ($role = db_fetch_object($result)) {
$user->roles[$role->rid] = $role->name;
}
@@ -61,7 +61,7 @@
return TRUE;
}
- $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = '%s'", $key));
+ $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = ?", $key));
if (!$result) {
// Only save session data when when the browser sends a cookie. This keeps
@@ -69,16 +69,16 @@
// and gives more useful statistics. We can't eliminate anonymous session
// table rows without breaking throttle module and "Who's Online" block.
if ($user->uid || $value || count($_COOKIE)) {
- db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
+ db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES (?, ?, ?, ?, ?, ?)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
}
}
else {
- db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key);
+ db_query("UPDATE {sessions} SET uid = ?, cache = ?, hostname = ?, session = ?, timestamp = ? WHERE sid = ?", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key);
// Last access time is updated no more frequently than once every 180 seconds.
// This reduces contention in the users table.
if ($user->uid && time() - $user->access > variable_get('session_write_interval', 180)) {
- db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid);
+ db_query("UPDATE {users} SET access = ? WHERE uid = ?", time(), $user->uid);
}
}
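Review bot: The `cache` argument is still `isset($user->cache) ? $user->cache : ''`, and with `%d` replaced by `?` in both the INSERT and the UPDATE the empty string is no longer turned into 0 before it reaches the query. If `sessions.cache` is an integer column, as the old `%d` suggests, a server in strict SQL mode would reject the write, and a failed session write means users cannot stay logged in. Use `isset($user->cache) ? $user->cache : 0` in both statements. More generally, the integer cast that `%d` applied to `uid` and `timestamp` is gone here too, so unless `_db_query()` (not visible) types its bindings, those values are sent as given. The enclosing function starts and ends outside the hunk.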
@@ -102,7 +102,7 @@
session_regenerate_id();
- db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+ db_query("UPDATE {sessions} SET sid = ? WHERE sid = ?", session_id(), $old_session_id);
}
/**
@@ -120,7 +120,7 @@
*/
function sess_count($timestamp = 0, $anonymous = true) {
$query = $anonymous ? ' AND uid = 0' : ' AND uid > 0';
- return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $timestamp));
+ return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= ?'. $query, $timestamp));
}
/**
@@ -130,7 +130,7 @@
* the session id
*/
function sess_destroy_sid($sid) {
- db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
+ db_query("DELETE FROM {sessions} WHERE sid = ?", $sid);
}
/**
@@ -140,7 +140,7 @@
* the user id
*/
function sess_destroy_uid($uid) {
- db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
+ db_query('DELETE FROM {sessions} WHERE uid = ?', $uid);
}
function sess_gc($lifetime) {
@@ -149,7 +149,7 @@
// for three weeks before deleting them, you need to set gc_maxlifetime
// to '1814400'. At that value, only after a user doesn't log in after
// three weeks (1814400 seconds) will his/her session be removed.
- db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime);
+ db_query("DELETE FROM {sessions} WHERE timestamp < ?", time() - $lifetime);
return TRUE;
}
Index: includes/database.mysql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysql.inc,v
retrieving revision 1.79
diff -u -r1.79 database.mysql.inc
--- includes/database.mysql.inc 29 Aug 2007 18:38:55 -0000 1.79
+++ includes/database.mysql.inc 5 Oct 2007 07:23:44 -0000
@@ -1,5 +1,5 @@
We were unable to use the MySQL database because the MySQL extension for PHP is not installed. Check your PHP.ini to see how you can enable it.
+ drupal_set_title('PDO MySQL support not enabled');
+ print theme('maintenance_page', 'We were unable to use the MySQL database because the MySQL driver is not available. Check your PHP.ini to see how you can enable it.
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
+ $url = parse_url($url);
+
// Decode url-encoded information in the db connection string
$url['user'] = urldecode($url['user']);
// Test if database url has a password.
@@ -72,42 +59,37 @@
$url['host'] = urldecode($url['host']);
$url['path'] = urldecode($url['path']);
- // Allow for non-standard MySQL port.
- if (isset($url['port'])) {
- $url['host'] = $url['host'] .':'. $url['port'];
- }
+ $dsn = 'mysql:host='. $url['host'] .';dbname='. substr($url['path'], 1);
- // - TRUE makes mysql_connect() always open a new link, even if
- // mysql_connect() was called before with the same parameters.
- // This is important if you are using two databases on the same
- // server.
- // - 2 means CLIENT_FOUND_ROWS: return the number of found
- // (matched) rows, not the number of affected rows.
- $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2);
- if (!$connection) {
- // Show error screen otherwise
+ return array($dsn, $url['user'], $url['pass']);
+}
+
+/**
+ * Initialise a database connection.
+ */
+function db_connection_error($code, $message) {
+ // Find all database connection errors and error 1045 for access denied for user account
+ if ($code >= 2000 || $code == 1045) {
drupal_maintenance_theme();
drupal_set_header('HTTP/1.1 503 Service Unavailable');
drupal_set_title('Unable to connect to database server');
print theme('maintenance_page', 'If you still have to install Drupal, proceed to the installation page.
If you have already finished installed Drupal, this either means that the username and password information in your settings.php file is incorrect or that we can\'t connect to the MySQL database server. This could mean your hosting provider\'s database server is down.
-The MySQL error was: '. theme('placeholder', mysql_error()) .'.
-Currently, the username is '. theme('placeholder', $url['user']) .' and the database server is '. theme('placeholder', $url['host']) .'.
+The MySQL error was: '. theme('placeholder', $message) .'.
- Are you sure you have the correct username and password?
- Are you sure that you have typed the correct hostname?
- Are you sure that the database server is running?
+ - Are you sure that the mysqli libraries are compiled in your PHP installation? Try using the mysql library instead by editing your
settings.php configuration file in Drupal.
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
-
- if (!mysql_select_db(substr($url['path'], 1))) {
+ else if ($code > 0) {
drupal_maintenance_theme();
drupal_set_title('Unable to select database');
print theme('maintenance_page', 'We were able to connect to the MySQL database server (which means your username and password are okay) but not able to select the database.
-The MySQL error was: '. theme('placeholder', mysql_error($connection)) .'.
-Currently, the database is '. theme('placeholder', substr($url['path'], 1)) .'. The username is '. theme('placeholder', $url['user']) .' and the database server is '. theme('placeholder', $url['host']) .'.
+The MySQL error was: '. theme('placeholder', $message) .'.
- Are you sure you have the correct database name?
- Are you sure the database exists?
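Review bot: The new DSN is built from host and database name only, so the `$url['port']` handling removed just above it is lost and a database URL with a non-standard port would be connected on the default port instead. Append it to the DSN, e.g. `if (isset($url['port'])) { $dsn .= ';port='. (int) $url['port']; }`. The docblock over `db_connection_error()` still reads "Initialise a database connection." and should describe the error page it prints, and the added hint about mysqli libraries sits in the mysql driver file. The function that builds the DSN begins outside this hunk and `db_connection_error()` continues past it.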
@@ -116,117 +98,17 @@
For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
exit;
}
-
- /* On MySQL 4.1 and later, force UTF-8 */
- if (version_compare(mysql_get_server_info(), '4.1.0', '>=')) {
- mysql_query('SET NAMES "utf8"', $connection);
- }
- return $connection;
-}
-
-/**
- * Helper function for db_query().
- */
-function _db_query($query, $debug = 0) {
- global $active_db, $queries;
-
- if (variable_get('dev_query', 0)) {
- list($usec, $sec) = explode(' ', microtime());
- $timer = (float)$usec + (float)$sec;
- }
-
- $result = mysql_query($query, $active_db);
-
- if (variable_get('dev_query', 0)) {
- $bt = debug_backtrace();
- $query = $bt[2]['function'] ."\n". $query;
- list($usec, $sec) = explode(' ', microtime());
- $stop = (float)$usec + (float)$sec;
- $diff = $stop - $timer;
- $queries[] = array($query, $diff);
- }
-
- if ($debug) {
- print 'query: '. $query .'
error:'. mysql_error($active_db) .'
';
- }
-
- if (!mysql_errno($active_db)) {
- return $result;
- }
- else {
- // Indicate to drupal_error_handler that this is a database error.
- ${DB_ERROR} = TRUE;
- trigger_error(check_plain(mysql_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
- return FALSE;
- }
-}
-
-/**
- * Fetch one result row from the previous query as an object.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An object representing the next row of the result, or FALSE. The attributes
- * of this object are the table fields selected by the query.
- */
-function db_fetch_object($result) {
- if ($result) {
- return mysql_fetch_object($result);
- }
-}
-
-/**
- * Fetch one result row from the previous query as an array.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An associative array representing the next row of the result, or FALSE.
- * The keys of this object are the names of the table fields selected by the
- * query, and the values are the field values for this result row.
- */
-function db_fetch_array($result) {
- if ($result) {
- return mysql_fetch_array($result, MYSQL_ASSOC);
- }
-}
-
-/**
- * Return an individual result field from the previous query.
- *
- * Only use this function if exactly one field is being selected; otherwise,
- * use db_fetch_object() or db_fetch_array().
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * The resulting field or FALSE.
- */
-function db_result($result) {
- if ($result && mysql_num_rows($result) > 0) {
- // The mysql_fetch_row function has an optional second parameter $row
- // but that can't be used for compatibility with Oracle, DB2, etc.
- $array = mysql_fetch_row($result);
- return $array[0];
- }
- return FALSE;
-}
-
-/**
- * Determine whether the previous query caused an error.
- */
-function db_error() {
- global $active_db;
- return mysql_errno($active_db);
}
/**
- * Determine the number of rows changed by the preceding query.
+ * Set additional paramenters when connecting to the database.
*/
-function db_affected_rows() {
- global $active_db;
- return mysql_affected_rows($active_db);
+function _db_connect($connection) {
+ // Force UTF-8.
+ $connection->exec('SET NAMES "utf8"');
+ // Enable query buffering.
+ $connection->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, TRUE);
+ //$connection->setAttribute(PDO::MYSQL_ATTR_MAX_BUFFER_SIZE, 1024);
}
/**
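Review bot: `_db_connect()` sets the character set and query buffering but leaves error mode and prepare emulation at PDO's defaults, unless the caller (not visible here) sets them. With emulation on, the `?` values are quoted into the statement on the client rather than bound by the server, and that quoting relies on the client knowing the connection charset, which a `SET NAMES` sent through `exec()` does not tell it; consider `$connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE);` and a `charset` in the DSN where the PHP version honours it. The removed code forced UTF-8 only on MySQL 4.1 and later, so the comment should say whether older servers are no longer supported. Drop the commented-out `MYSQL_ATTR_MAX_BUFFER_SIZE` line and fix the docblock typo "paramenters".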
@@ -267,10 +149,8 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
$query .= ' LIMIT '. (int)$from .', '. (int)$count;
- return _db_query($query);
+ return _db_query($query, $args);
}
/**
@@ -314,42 +194,7 @@
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- return _db_query($query);
-}
-
-/**
- * Returns a properly formatted Binary Large OBject value.
- *
- * @param $data
- * Data to encode.
- * @return
- * Encoded data.
- */
-function db_encode_blob($data) {
- global $active_db;
- return "'". mysql_real_escape_string($data, $active_db) ."'";
-}
-
-/**
- * Returns text from a Binary Large Object value.
- *
- * @param $data
- * Data to decode.
- * @return
- * Decoded data.
- */
-function db_decode_blob($data) {
- return $data;
-}
-
-/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- */
-function db_escape_string($text) {
- global $active_db;
- return mysql_real_escape_string($text, $active_db);
+ return _db_query($query, $args);
}
/**
@@ -400,3 +245,492 @@
/**
* @} End of "ingroup database".
*/
+
+/**
+ * @ingroup schemaapi
+ * @{
+ */
+
+/**
+ * Generate SQL to create a new table from a Drupal schema definition.
+ *
+ * @param $name
+ * The name of the table to create.
+ * @param $table
+ * A Schema API table definition array.
+ * @return
+ * An array of SQL statements to create the table.
+ */
+function db_create_table_sql($name, $table) {
+
+ if (empty($table['mysql_suffix'])) {
+ $table['mysql_suffix'] = "/*!40100 DEFAULT CHARACTER SET UTF8 */";
+ }
+
+ $sql = "CREATE TABLE {". $name ."} (\n";
+
+ // Add the SQL statement for each field.
+ foreach ($table['fields'] as $field_name => $field) {
+ $sql .= _db_create_field_sql($field_name, _db_process_field($field)) .", \n";
+ }
+
+ // Process keys & indexes.
+ $keys = _db_create_keys_sql($table);
+ if (count($keys)) {
+ $sql .= implode(", \n", $keys) .", \n";
+ }
+
+ // Remove the last comma and space.
+ $sql = substr($sql, 0, -3) ."\n) ";
+
+ $sql .= $table['mysql_suffix'];
+
+ return array($sql);
+}
+
+function _db_create_keys_sql($spec) {
+ $keys = array();
+
+ if (!empty($spec['primary key'])) {
+ $keys[] = 'PRIMARY KEY ('. _db_create_key_sql($spec['primary key']) .')';
+ }
+ if (!empty($spec['unique keys'])) {
+ foreach ($spec['unique keys'] as $key => $fields) {
+ $keys[] = 'UNIQUE KEY '. $key .' ('. _db_create_key_sql($fields) .')';
+ }
+ }
+ if (!empty($spec['indexes'])) {
+ foreach ($spec['indexes'] as $index => $fields) {
+ $keys[] = 'INDEX '. $index .' ('. _db_create_key_sql($fields) .')';
+ }
+ }
+
+ return $keys;
+}
+
+function _db_create_key_sql($fields) {
+ $ret = array();
+ foreach ($fields as $field) {
+ if (is_array($field)) {
+ $ret[] = $field[0] .'('. $field[1] .')';
+ }
+ else {
+ $ret[] = $field;
+ }
+ }
+ return implode(', ', $ret);
+}
+
+/**
+ * Set database-engine specific properties for a field.
+ *
+ * @param $field
+ * A field description array, as specified in the schema documentation.
+ */
+function _db_process_field($field) {
+
+ if (!isset($field['size'])) {
+ $field['size'] = 'normal';
+ }
+
+ // Set the correct database-engine specific datatype.
+ if (!isset($field['mysql_type'])) {
+ $map = db_type_map();
+ $field['mysql_type'] = $map[$field['type'] .':'. $field['size']];
+ }
+
+ if ($field['type'] == 'serial') {
+ $field['auto_increment'] = TRUE;
+ }
+
+ return $field;
+}
+
+/**
+ * Create an SQL string for a field to be used in table creation or alteration.
+ *
+ * Before passing a field out of a schema definition into this function it has
+ * to be processed by _db_process_field().
+ *
+ * @param $name
+ * Name of the field.
+ * @param $spec
+ * The field specification, as per the schema data structure format.
+ */
+function _db_create_field_sql($name, $spec) {
+ $sql = "`". $name ."` ". $spec['mysql_type'];
+
+ if (isset($spec['length'])) {
+ $sql .= '('. $spec['length'] .')';
+ }
+ elseif (isset($spec['precision']) && isset($spec['scale'])) {
+ $sql .= '('. $spec['scale'] .', '. $spec['precision'] .')';
+ }
+
+ if (!empty($spec['unsigned'])) {
+ $sql .= ' unsigned';
+ }
+
+ if (!empty($spec['not null'])) {
+ $sql .= ' NOT NULL';
+ }
+
+ if (!empty($spec['auto_increment'])) {
+ $sql .= ' auto_increment';
+ }
+
+ if (isset($spec['default'])) {
+ if (is_string($spec['default'])) {
+ $spec['default'] = "'". $spec['default'] ."'";
+ }
+ $sql .= ' DEFAULT '. $spec['default'];
+ }
+
+ if (empty($spec['not null']) && !isset($spec['default'])) {
+ $sql .= ' DEFAULT NULL';
+ }
+
+ return $sql;
+}
+
+/**
+ * This maps a generic data type in combination with its data size
+ * to the engine-specific data type.
+ */
+function db_type_map() {
+ // Put :normal last so it gets preserved by array_flip. This makes
+ // it much easier for modules (such as schema.module) to map
+ // database types back into schema types.
+ $map = array(
+ 'varchar:normal' => 'VARCHAR',
+
+ 'text:tiny' => 'SMALLTEXT',
+ 'text:small' => 'SMALLTEXT',
+ 'text:medium' => 'MEDIUMTEXT',
+ 'text:big' => 'LONGTEXT',
+ 'text:normal' => 'TEXT',
+
+ 'serial:tiny' => 'TINYINT',
+ 'serial:small' => 'SMALLINT',
+ 'serial:medium' => 'MEDIUMINT',
+ 'serial:big' => 'BIGINT',
+ 'serial:normal' => 'INT',
+
+ 'int:tiny' => 'TINYINT',
+ 'int:small' => 'SMALLINT',
+ 'int:medium' => 'MEDIUMINT',
+ 'int:big' => 'BIGINT',
+ 'int:normal' => 'INT',
+
+ 'float:tiny' => 'FLOAT',
+ 'float:small' => 'FLOAT',
+ 'float:medium' => 'FLOAT',
+ 'float:big' => 'DOUBLE',
+ 'float:normal' => 'FLOAT',
+
+ 'numeric:normal' => 'NUMERIC',
+
+ 'blob:big' => 'LONGBLOB',
+ 'blob:normal' => 'BLOB',
+
+ 'datetime:normal' => 'DATETIME',
+ );
+ return $map;
+}
+
+/**
+ * Rename a table.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be renamed.
+ * @param $new_name
+ * The new name for the table.
+ */
+function db_rename_table(&$ret, $table, $new_name) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} RENAME TO {'. $new_name .'}');
+}
+
+/**
+ * Drop a table.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be dropped.
+ */
+function db_drop_table(&$ret, $table) {
+ $ret[] = update_sql('DROP TABLE {'. $table .'}');
+}
+
+/**
+ * Add a new field to a table.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * Name of the table to be altered.
+ * @param $field
+ * Name of the field to be added.
+ * @param $spec
+ * The field specification array, as taken from a schema definition.
+ * The specification may also contain the key 'initial', the newly
+ * created field will be set to the value of the key in all rows.
+ * This is most useful for creating NOT NULL columns with no default
+ * value in existing tables.
+ * @param $keys_new
+ * Optional keys and indexes specification to be created on the
+ * table along with adding the field. The format is the same as a
+ * table specification but without the 'fields' element. If you are
+ * adding a type 'serial' field, you MUST specify at least one key
+ * or index including it in this array. @see db_change_field for more
+ * explanation why.
+ */
+function db_add_field(&$ret, $table, $field, $spec, $keys_new = array()) {
+ $fixnull = FALSE;
+ if (!empty($spec['not null']) && !isset($spec['default'])) {
+ $fixnull = TRUE;
+ $spec['not null'] = FALSE;
+ }
+ $query = 'ALTER TABLE {'. $table .'} ADD ';
+ $query .= _db_create_field_sql($field, _db_process_field($spec));
+ if (count($keys_new)) {
+ $query .= ', ADD '. implode(', ADD ', _db_create_keys_sql($keys_new));
+ }
+ $ret[] = update_sql($query);
+ if (isset($spec['initial'])) {
+ // All this because update_sql does not support %-placeholders.
+ $sql = 'UPDATE {'. $table .'} SET '. $field .' = ?';
+ $result = db_query($sql, $spec['initial']);
+ $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql .' ('. $spec['initial'] .')'));
+ }
+ if ($fixnull) {
+ $spec['not null'] = TRUE;
+ db_change_field($ret, $table, $field, $field, $spec);
+ }
+}
+
+/**
+ * Drop a field.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $field
+ * The field to be dropped.
+ */
+function db_drop_field(&$ret, $table, $field) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP '. $field);
+}
+
+/**
+ * Set the default value for a field.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $field
+ * The field to be altered.
+ * @param $default
+ * Default value to be set. NULL for 'default NULL'.
+ */
+function db_field_set_default(&$ret, $table, $field, $default) {
+ if ($default == NULL) {
+ $default = 'NULL';
+ }
+ else {
+ $default = is_string($default) ? "'$default'" : $default;
+ }
+
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} ALTER COLUMN '. $field .' SET DEFAULT '. $default);
+}
+
+/**
+ * Set a field to have no default value.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $field
+ * The field to be altered.
+ */
+function db_field_set_no_default(&$ret, $table, $field) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} ALTER COLUMN '. $field .' DROP DEFAULT');
+}
+
+/**
+ * Add a primary key.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $fields
+ * Fields for the primary key.
+ */
+function db_add_primary_key(&$ret, $table, $fields) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} ADD PRIMARY KEY ('.
+ _db_create_key_sql($fields) .')');
+}
+
+/**
+ * Drop the primary key.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ */
+function db_drop_primary_key(&$ret, $table) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP PRIMARY KEY');
+}
+
+/**
+ * Add a unique key.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $name
+ * The name of the key.
+ * @param $fields
+ * An array of field names.
+ */
+function db_add_unique_key(&$ret, $table, $name, $fields) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} ADD UNIQUE KEY '.
+ $name .' ('. _db_create_key_sql($fields) .')');
+}
+
+/**
+ * Drop a unique key.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $name
+ * The name of the key.
+ */
+function db_drop_unique_key(&$ret, $table, $name) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP KEY '. $name);
+}
+
+/**
+ * Add an index.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $name
+ * The name of the index.
+ * @param $fields
+ * An array of field names.
+ */
+function db_add_index(&$ret, $table, $name, $fields) {
+ $query = 'ALTER TABLE {'. $table .'} ADD INDEX '. $name .' ('. _db_create_key_sql($fields) .')';
+ $ret[] = update_sql($query);
+}
+
+/**
+ * Drop an index.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * The table to be altered.
+ * @param $name
+ * The name of the index.
+ */
+function db_drop_index(&$ret, $table, $name) {
+ $ret[] = update_sql('ALTER TABLE {'. $table .'} DROP INDEX '. $name);
+}
+
+/**
+ * Change a field definition.
+ *
+ * IMPORTANT NOTE: To maintain database portability, you have to explicitly
+ * recreate all indices and primary keys that are using the changed field.
+ *
+ * That means that you have to drop all affected keys and indexes with
+ * db_drop_{primary_key,unique_key,index}() before calling db_change_field().
+ * To recreate the keys and indices, pass the key definitions as the
+ * optional $keys_new argument directly to db_change_field().
+ *
+ * For example, suppose you have:
+ * @code
+ * $schema['foo'] = array(
+ * 'fields' => array(
+ * 'bar' => array('type' => 'int', 'not null' => TRUE)
+ * ),
+ * 'primary key' => array('bar')
+ * );
+ * @endcode
+ * and you want to change foo.bar to be type serial, leaving it as the
+ * primary key. The correct sequence is:
+ * @code
+ * db_drop_primary_key($ret, 'foo');
+ * db_change_field($ret, 'foo', 'bar', 'bar',
+ * array('type' => 'serial', 'not null' => TRUE),
+ * array('primary key' => array('bar')));
+ * @endcode
+ *
+ * The reasons for this are due to the different database engines:
+ *
+ * On PostgreSQL, changing a field definition involves adding a new field
+ * and dropping an old one which* causes any indices, primary keys and
+ * sequences (from serial-type fields) that use the changed field to be dropped.
+ *
+ * On MySQL, all type 'serial' fields must be part of at least one key
+ * or index as soon as they are created. You cannot use
+ * db_add_{primary_key,unique_key,index}() for this purpose because
+ * the ALTER TABLE command will fail to add the column without a key
+ * or index specification. The solution is to use the optional
+ * $keys_new argument to create the key or index at the same time as
+ * field.
+ *
+ * You could use db_add_{primary_key,unique_key,index}() in all cases
+ * unless you are converting a field to be type serial. You can use
+ * the $keys_new argument in all cases.
+ *
+ * @param $ret
+ * Array to which query results will be added.
+ * @param $table
+ * Name of the table.
+ * @param $field
+ * Name of the field to change.
+ * @param $field_new
+ * New name for the field (set to the same as $field if you don't want to change the name).
+ * @param $spec
+ * The field specification for the new field.
+ * @param $keys_new
+ * Optional keys and indexes specification to be created on the
+ * table along with changing the field. The format is the same as a
+ * table specification but without the 'fields' element.
+ */
+
+function db_change_field(&$ret, $table, $field, $field_new, $spec, $keys_new = array()) {
+ $sql = 'ALTER TABLE {'. $table .'} CHANGE '. $field .' '.
+ _db_create_field_sql($field_new, _db_process_field($spec));
+ if (count($keys_new)) {
+ $sql .= ', ADD '.implode(', ADD ', _db_create_keys_sql($keys_new));
+ }
+ $ret[] = update_sql($sql);
+}
+
+/**
+ * Returns the last insert id.
+ *
+ * @param $table
+ * The name of the table you inserted into.
+ * @param $field
+ * The name of the autoincrement field.
+ */
+function db_last_insert_id($table, $field) {
+ return db_result(db_query('SELECT LAST_INSERT_ID()'));
+}
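Review bot: `db_field_set_default()` tests `$default == NULL`, which is also true for `0` and `''`, so asking for a default of 0 or an empty string emits `SET DEFAULT NULL`; use `if ($default === NULL)`. That function and `_db_create_field_sql()` both wrap string defaults in single quotes without escaping, so a default containing a quote breaks the generated DDL; it should go through the connection's quoting routine, bearing in mind that `db_escape_string()` is removed earlier in this patch. In `_db_create_field_sql()` the numeric size is written as `(scale, precision)` while MySQL expects precision first, i.e. `'('. $spec['precision'] .', '. $spec['scale'] .')'`. `db_type_map()` maps `text:tiny` and `text:small` to `SMALLTEXT`, which is not a MySQL type; `TINYTEXT` is the nearest one. `_db_create_keys_sql()` and `_db_create_key_sql()` have no docblock, unlike the other functions added here.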
Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.227
diff -u -r1.227 form.inc
--- includes/form.inc 25 Sep 2007 15:14:37 -0000 1.227
+++ includes/form.inc 5 Oct 2007 07:23:44 -0000
@@ -2043,7 +2043,7 @@
* $context['sandbox']['max'] = db_result(db_query('SELECT COUNT(DISTINCT nid) FROM {node}'));
* }
* $limit = 5;
- * $result = db_query_range("SELECT nid FROM {node} WHERE nid > %d ORDER BY nid ASC", $context['sandbox']['current_node'], 0, $limit);
+ * $result = db_query_range("SELECT nid FROM {node} WHERE nid > ? ORDER BY nid ASC", $context['sandbox']['current_node'], 0, $limit);
* while ($row = db_fetch_array($result)) {
* $node = node_load($row['nid'], NULL, TRUE);
* $context['results'][] = $node->nid .' : '. $node->title;
@@ -2201,7 +2201,7 @@
// Initiate db storage in order to get a batch id. We have to provide
// at least an empty string for the (not null) 'token' column.
- db_query("INSERT INTO {batch} (token, timestamp) VALUES ('', %d)", time());
+ db_query("INSERT INTO {batch} (token, timestamp) VALUES ('', ?)", time());
$batch['id'] = db_last_insert_id('batch', 'bid');
// Now that we have a batch id, we can generate the redirection link in
@@ -2210,7 +2210,7 @@
$batch['error_message'] = $t('Please continue to the error page', array('@error_url' => url($url, array('query' => array('id' => $batch['id'], 'op' => 'finished')))));
// Actually store the batch data and the token generated form the batch id.
- db_query("UPDATE {batch} SET token = '%s', batch = '%s' WHERE bid = %d", drupal_get_token($batch['id']), serialize($batch), $batch['id']);
+ db_query("UPDATE {batch} SET token = ?, batch = ? WHERE bid = ?", drupal_get_token($batch['id']), serialize($batch), $batch['id']);
drupal_goto($batch['url'], 'op=start&id='. $batch['id']);
}
Index: includes/menu.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/menu.inc,v
retrieving revision 1.211
diff -u -r1.211 menu.inc
--- includes/menu.inc 1 Oct 2007 09:53:03 -0000 1.211
+++ includes/menu.inc 5 Oct 2007 07:23:45 -0000
@@ -196,7 +196,7 @@
* array('node', '12345', 'edit').
* @return
* An array which contains the ancestors and placeholders. Placeholders
- * simply contain as many '%s' as the ancestors.
+ * simply contain as many ? as the ancestors.
*/
function menu_get_ancestors($parts) {
$number_parts = count($parts);
@@ -227,7 +227,7 @@
$current .= '/';
}
}
- $placeholders[] = "'%s'";
+ $placeholders[] = '?';
$ancestors[] = $current;
}
return array($ancestors, $placeholders);
@@ -638,7 +638,7 @@
$args[] = $item["p$i"];
}
$args = array_unique($args);
- $placeholders = implode(', ', array_fill(0, count($args), '%d'));
+ $placeholders = implode(', ', array_fill(0, count($args), '?'));
$where = ' AND ml.plid IN ('. $placeholders .')';
$parents = $args;
$parents[] = $item['mlid'];
@@ -656,7 +656,7 @@
$data['tree'] = menu_tree_data(db_query("
SELECT m.load_functions, m.to_arg_functions, m.access_callback, m.access_arguments, m.page_callback, m.page_arguments, m.title, m.title_callback, m.title_arguments, m.type, ml.*
FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path
- WHERE ml.menu_name = '%s'". $where ."
+ WHERE ml.menu_name = ?". $where ."
ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC", $args), $parents);
$data['node_links'] = array();
menu_tree_collect_node_links($data['tree'], $data['node_links']);
@@ -704,32 +704,32 @@
// Build and run the query, and build the tree.
if ($item['access']) {
// Check whether a menu link exists that corresponds to the current path.
- $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = '%s' AND link_path = '%s'", $menu_name, $item['href']));
+ $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = ? AND link_path = ?", $menu_name, $item['href']));
if (empty($parents)) {
// If no link exists, we may be on a local task that's not in the links.
// TODO: Handle the case like a local task on a specific node in the menu.
- $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = '%s' AND link_path = '%s'", $menu_name, $item['tab_root']));
+ $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = ? AND link_path = ?", $menu_name, $item['tab_root']));
}
// We always want all the top-level links with plid == 0.
$parents[] = '0';
// Use array_values() so that the indices are numeric for array_merge().
$args = $parents = array_unique(array_values($parents));
- $placeholders = implode(', ', array_fill(0, count($args), '%d'));
+ $placeholders = implode(', ', array_fill(0, count($args), '?'));
$expanded = variable_get('menu_expanded', array());
// Check whether the current menu has any links set to be expanded.
if (in_array($menu_name, $expanded)) {
// Collect all the links set to be expanded, and then add all of
// their children to the list as well.
do {
- $result = db_query("SELECT mlid FROM {menu_links} WHERE menu_name = '%s' AND expanded = 1 AND has_children = 1 AND plid IN (". $placeholders .') AND mlid NOT IN ('. $placeholders .')', array_merge(array($menu_name), $args, $args));
+ $result = db_query("SELECT mlid FROM {menu_links} WHERE menu_name = ? AND expanded = 1 AND has_children = 1 AND plid IN (". $placeholders .') AND mlid NOT IN ('. $placeholders .')', array_merge(array($menu_name), $args, $args));
$num_rows = FALSE;
while ($item = db_fetch_array($result)) {
$args[] = $item['mlid'];
$num_rows = TRUE;
}
- $placeholders = implode(', ', array_fill(0, count($args), '%d'));
+ $placeholders = implode(', ', array_fill(0, count($args), '?'));
} while ($num_rows);
}
array_unshift($args, $menu_name);
@@ -737,7 +737,7 @@
else {
// Show only the top-level menu items when access is denied.
$args = array($menu_name, '0');
- $placeholders = '%d';
+ $placeholders = '?';
$parents = array();
}
// Select the links from the table, and recursively build the tree. We
@@ -746,7 +746,7 @@
$data['tree'] = menu_tree_data(db_query("
SELECT m.load_functions, m.to_arg_functions, m.access_callback, m.access_arguments, m.page_callback, m.page_arguments, m.title, m.title_callback, m.title_arguments, m.type, ml.*
FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path
- WHERE ml.menu_name = '%s' AND ml.plid IN (". $placeholders .")
+ WHERE ml.menu_name = ? AND ml.plid IN (". $placeholders .")
ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC", $args), $parents);
$data['node_links'] = array();
menu_tree_collect_node_links($data['tree'], $data['node_links']);
@@ -790,7 +790,7 @@
if ($node_links) {
// Use db_rewrite_sql to evaluate view access without loading each full node.
$nids = array_keys($node_links);
- $placeholders = '%d'. str_repeat(', %d', count($nids) - 1);
+ $placeholders = '?'. str_repeat(', ?', count($nids) - 1);
$result = db_query(db_rewrite_sql("SELECT n.nid FROM {node} n WHERE n.nid IN (". $placeholders .")"), $nids);
while ($node = db_fetch_array($result)) {
$nid = $node['nid'];
@@ -1085,7 +1085,7 @@
return '';
}
// Get all tabs and the root page.
- $result = db_query("SELECT * FROM {menu_router} WHERE tab_root = '%s' ORDER BY weight, title", $router_item['tab_root']);
+ $result = db_query("SELECT * FROM {menu_router} WHERE tab_root = ? ORDER BY weight, title", $router_item['tab_root']);
$map = arg();
$children = array();
$tasks = array();
@@ -1385,7 +1385,7 @@
* rendering.
*/
function menu_link_load($mlid) {
- if (is_numeric($mlid) && $item = db_fetch_array(db_query("SELECT m.*, ml.* FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path WHERE ml.mlid = %d", $mlid))) {
+ if (is_numeric($mlid) && $item = db_fetch_array(db_query("SELECT m.*, ml.* FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path WHERE ml.mlid = ?", $mlid))) {
_menu_link_translate($item);
return $item;
}
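Review bot: `is_numeric($mlid)` is now the only check before `$mlid` is bound, whereas the old `%d` marker also coerced the value to an integer. `is_numeric()` accepts strings such as `'1.5'` or `'1e3'`, which would now reach the database unchanged. Passing `(int) $mlid` as the bound value keeps the previous behaviour. The same loss of coercion applies to `menu_link_delete()` in the `@@ -1522,10` hunk; how the new layer types bound values is not visible here.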
@@ -1492,7 +1492,7 @@
array_multisort($sort, SORT_NUMERIC, $menu_links);
foreach ($menu_links as $item) {
- $existing_item = db_fetch_array(db_query("SELECT mlid, menu_name, plid, customized FROM {menu_links} WHERE link_path = '%s' AND module = '%s'", $item['link_path'], 'system'));
+ $existing_item = db_fetch_array(db_query("SELECT mlid, menu_name, plid, customized FROM {menu_links} WHERE link_path = ? AND module = ?", $item['link_path'], 'system'));
if ($existing_item) {
$item['mlid'] = $existing_item['mlid'];
$item['menu_name'] = $existing_item['menu_name'];
@@ -1507,7 +1507,7 @@
while ($item = db_fetch_array($result)) {
$router_path = _menu_find_router_path($menu, $item['link_path']);
if (!empty($router_path) && $router_path != $item['router_path']) {
- db_query("UPDATE {menu_links} SET router_path = '%s' WHERE mlid = %d", $router_path, $item['mlid']);
+ db_query("UPDATE {menu_links} SET router_path = ? WHERE mlid = ?", $router_path, $item['mlid']);
}
}
}
@@ -1522,10 +1522,10 @@
*/
function menu_link_delete($mlid, $path = NULL) {
if (isset($mlid)) {
- _menu_delete_item(db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE mlid = %d", $mlid)));
+ _menu_delete_item(db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE mlid = ?", $mlid)));
}
else {
- $result = db_query("SELECT * FROM {menu_links} WHERE link_path = '%s'", $path);
+ $result = db_query("SELECT * FROM {menu_links} WHERE link_path = ?", $path);
while ($link = db_fetch_array($result)) {
_menu_delete_item($link);
}
@@ -1541,14 +1541,14 @@
// Children get re-attached to the item's parent.
if ($item['has_children']) {
- $result = db_query("SELECT mlid FROM {menu_links} WHERE plid = %d", $item['mlid']);
+ $result = db_query("SELECT mlid FROM {menu_links} WHERE plid = ?", $item['mlid']);
while ($m = db_fetch_array($result)) {
$child = menu_link_load($m['mlid']);
$child['plid'] = $item['plid'];
menu_link_save($child);
}
}
- db_query('DELETE FROM {menu_links} WHERE mlid = %d', $item['mlid']);
+ db_query('DELETE FROM {menu_links} WHERE mlid = ?', $item['mlid']);
// Update the has_children status of the parent.
_menu_update_parental_status($item);
@@ -1598,18 +1598,18 @@
$menu_name = $item['menu_name'];
$existing_item = FALSE;
if (isset($item['mlid'])) {
- $existing_item = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE mlid = %d", $item['mlid']));
+ $existing_item = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE mlid = ?", $item['mlid']));
}
// Find the parent - it must be in the same menu.
if (isset($item['plid'])) {
- $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = '%s' AND mlid = %d", $menu_name, $item['plid']));
+ $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = ? AND mlid = ?", $menu_name, $item['plid']));
}
else {
$parent_path = $item['link_path'];
do {
$parent_path = substr($parent_path, 0, strrpos($parent_path, '/'));
- $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = '%s' AND link_path = '%s'", $menu_name, $parent_path));
+ $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = ? AND link_path = ?", $menu_name, $parent_path));
} while ($parent === FALSE && $parent_path);
}
// Menu callbacks need to be in the links table for breadcrumbs, but can't
@@ -1628,10 +1628,10 @@
expanded, weight,
module, link_title, options,
customized, updated) VALUES (
- '%s', %d, '%s',
- %d, %d, %d,
- %d, %d,
- '%s', '%s', '%s', %d, %d)",
+ ?, ?, ?,
+ ?, ?, ?,
+ ?, ?,
+ ?, ?, ?, ?, ?)",
$item['menu_name'], $item['plid'], $item['link_path'],
$item['hidden'], $item['_external'], $item['has_children'],
$item['expanded'], $item['weight'],
@@ -1677,11 +1677,11 @@
$item['router_path'] = _menu_find_router_path($menu, $item['link_path']);
}
}
- db_query("UPDATE {menu_links} SET menu_name = '%s', plid = %d, link_path = '%s',
- router_path = '%s', hidden = %d, external = %d, has_children = %d,
- expanded = %d, weight = %d, depth = %d,
- p1 = %d, p2 = %d, p3 = %d, p4 = %d, p5 = %d, p6 = %d, p7 = %d, p8 = %d, p9 = %d,
- module = '%s', link_title = '%s', options = '%s', customized = %d WHERE mlid = %d",
+ db_query("UPDATE {menu_links} SET menu_name = ?, plid = ?, link_path = ?,
+ router_path = ?, hidden = ?, external = ?, has_children = ?,
+ expanded = ?, weight = ?, depth = ?,
+ p1 = ?, p2 = ?, p3 = ?, p4 = ?, p5 = ?, p6 = ?, p7 = ?, p8 = ?, p9 = ?,
+ module = ?, link_title = ?, options = ?, customized = ? WHERE mlid = ?",
$item['menu_name'], $item['plid'], $item['link_path'],
$item['router_path'], $item['hidden'], $item['_external'], $item['has_children'],
$item['expanded'], $item['weight'], $item['depth'],
@@ -1748,12 +1748,12 @@
$args[] = $item['menu_name'];
$p = 'p1';
while ($i <= MENU_MAX_DEPTH && $item[$p]) {
- $match .= " AND $p = %d";
+ $match .= " AND $p = ?";
$args[] = $item[$p];
$p = 'p'. ++$i;
}
- $max_depth = db_result(db_query_range("SELECT depth FROM {menu_links} WHERE menu_name = '%s'". $match ." ORDER BY depth DESC", $args, 0, 1));
+ $max_depth = db_result(db_query_range("SELECT depth FROM {menu_links} WHERE menu_name = ?". $match ." ORDER BY depth DESC", $args, 0, 1));
return ($max_depth > $item['depth']) ? $max_depth - $item['depth'] : 0;
}
@@ -1767,12 +1767,12 @@
function _menu_link_move_children($item, $existing_item) {
$args[] = $item['menu_name'];
- $set[] = "menu_name = '%s'";
+ $set[] = "menu_name = ?";
$i = 1;
while ($i <= $item['depth']) {
$p = 'p'. $i++;
- $set[] = "$p = %d";
+ $set[] = "$p = ?";
$args[] = $item[$p];
}
$j = $existing_item['depth'] + 1;
@@ -1786,7 +1786,7 @@
$shift = $item['depth'] - $existing_item['depth'];
if ($shift < 0) {
$args[] = -$shift;
- $set[] = 'depth = depth - %d';
+ $set[] = 'depth = depth - ?';
}
elseif ($shift > 0) {
// The order of $set must be reversed so the new values don't overwrite the
@@ -1797,13 +1797,13 @@
$args = array_reverse($args);
$args[] = $shift;
- $set[] = 'depth = depth + %d';
+ $set[] = 'depth = depth + ?';
}
- $where[] = "menu_name = '%s'";
+ $where[] = "menu_name = ?";
$args[] = $existing_item['menu_name'];
$p = 'p1';
for ($i = 1; $i <= MENU_MAX_DEPTH && $existing_item[$p]; $p = 'p'. ++$i) {
- $where[] = "$p = %d";
+ $where[] = "$p = ?";
$args[] = $existing_item[$p];
}
@@ -1819,10 +1819,10 @@
// If plid == 0, there is nothing to update.
if ($item['plid']) {
// We may want to exclude the passed link as a possible child.
- $where = $exclude ? " AND mlid != %d" : '';
+ $where = $exclude ? " AND mlid != ?" : '';
// Check if at least one visible child exists in the table.
- $parent_has_children = (bool)db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE menu_name = '%s' AND plid = %d AND hidden = 0". $where, $item['menu_name'], $item['plid'], $item['mlid'], 0, 1));
- db_query("UPDATE {menu_links} SET has_children = %d WHERE mlid = %d", $parent_has_children, $item['plid']);
+ $parent_has_children = (bool)db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE menu_name = ? AND plid = ? AND hidden = 0". $where, $item['menu_name'], $item['plid'], $item['mlid'], 0, 1));
+ db_query("UPDATE {menu_links} SET has_children = ? WHERE mlid = ?", $parent_has_children, $item['plid']);
}
}
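Review bot: The `db_query_range()` call always passes `$item['mlid']` as a third value, but the `AND mlid != ?` marker is appended only when `$exclude` is set, so with `$exclude` false the statement has two markers and three bound values. The old printf-style substitution tolerated a surplus argument; positional binding usually rejects a count mismatch, though the new db layer is not visible here to confirm. Build the list conditionally, e.g. `$args = array($item['menu_name'], $item['plid']); if ($exclude) { $args[] = $item['mlid']; }`, and pass `$args`. The `UPDATE` that follows binds the PHP boolean `$parent_has_children` where `%d` used to coerce it to 0/1, so `(int) $parent_has_children` would keep that explicit. The enclosing function begins above the hunk.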
@@ -2008,11 +2008,11 @@
number_parts, tab_parent, tab_root,
title, title_callback, title_arguments,
type, block_callback, description, position, weight, file)
- VALUES ('%s', '%s', '%s', '%s',
- '%s', '%s', '%s', %d,
- %d, '%s', '%s',
- '%s', '%s', '%s',
- %d, '%s', '%s', '%s', %d, '%s')",
+ VALUES (?, ?, ?, ?,
+ ?, ?, ?, ?,
+ ?, ?, ?,
+ ?, ?, ?,
+ ?, ?, ?, ?, ?, ?)",
$path, $item['load_functions'], $item['to_arg_functions'], $item['access callback'],
serialize($item['access arguments']), $item['page callback'], serialize($item['page arguments']), $item['_fit'],
$item['_number_parts'], $item['tab_parent'], $item['tab_root'],
Index: includes/database.mysqli.inc
===================================================================
RCS file: includes/database.mysqli.inc
diff -N includes/database.mysqli.inc
--- includes/database.mysqli.inc 3 Sep 2007 17:02:16 -0000 1.44
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,402 +0,0 @@
- $t('MySQL database'),
- 'value' => ($phase == 'runtime') ? l($version, 'admin/logs/status/sql') : $version,
- );
-
- if (version_compare($version, DRUPAL_MINIMUM_MYSQL) < 0) {
- $form['mysql']['severity'] = REQUIREMENT_ERROR;
- $form['mysql']['description'] = $t('Your MySQL Server is too old. Drupal requires at least MySQL %version.', array('%version' => DRUPAL_MINIMUM_MYSQL));
- }
-
- return $form;
-}
-
-/**
- * Returns the version of the database server currently in use.
- *
- * @return Database server version
- */
-function db_version() {
- global $active_db;
- list($version) = explode('-', mysqli_get_server_info($active_db));
- return $version;
-}
-
-/**
- * Initialise a database connection.
- *
- * Note that mysqli does not support persistent connections.
- */
-function db_connect($url) {
- // Check if MySQLi support is present in PHP
- if (!function_exists('mysqli_init') && !extension_loaded('mysqli')) {
- drupal_maintenance_theme();
- drupal_set_title('PHP MySQLi support not enabled');
- print theme('maintenance_page', 'We were unable to use the MySQLi database because the MySQLi extension for PHP is not installed. Check your PHP.ini to see how you can enable it.
-For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
- exit;
- }
-
- $url = parse_url($url);
-
- // Decode url-encoded information in the db connection string
- $url['user'] = urldecode($url['user']);
- // Test if database url has a password.
- if (isset($url['pass'])) {
- $url['pass'] = urldecode($url['pass']);
- }
- else {
- $url['pass'] = '';
- }
- $url['host'] = urldecode($url['host']);
- $url['path'] = urldecode($url['path']);
-
- $connection = mysqli_init();
- @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, MYSQLI_CLIENT_FOUND_ROWS);
-
- // Find all database connection errors and error 1045 for access denied for user account
- if (mysqli_connect_errno() >= 2000 || mysqli_connect_errno() == 1045) {
- drupal_maintenance_theme();
- drupal_set_header('HTTP/1.1 503 Service Unavailable');
- drupal_set_title('Unable to connect to database server');
- print theme('maintenance_page', 'If you still have to install Drupal, proceed to the installation page.
-If you have already finished installed Drupal, this either means that the username and password information in your settings.php file is incorrect or that we can\'t connect to the MySQL database server. This could mean your hosting provider\'s database server is down.
-The MySQL error was: '. theme('placeholder', mysqli_connect_error()) .'.
-Currently, the username is '. theme('placeholder', $url['user']) .' and the database server is '. theme('placeholder', $url['host']) .'.
-
- - Are you sure you have the correct username and password?
- - Are you sure that you have typed the correct hostname?
- - Are you sure that the database server is running?
- - Are you sure that the mysqli libraries are compiled in your PHP installation? Try using the mysql library instead by editing your
settings.php configuration file in Drupal.
-
-For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
- exit;
- }
- else if (mysqli_connect_errno() > 0) {
- drupal_maintenance_theme();
- drupal_set_title('Unable to select database');
- print theme('maintenance_page', 'We were able to connect to the MySQL database server (which means your username and password are okay) but not able to select the database.
-The MySQL error was: '. theme('placeholder', mysqli_connect_error()) .'.
-Currently, the database is '. theme('placeholder', substr($url['path'], 1)) .'. The username is '. theme('placeholder', $url['user']) .' and the database server is '. theme('placeholder', $url['host']) .'.
-
- - Are you sure you have the correct database name?
- - Are you sure the database exists?
- - Are you sure the username has permission to access the database?
-
-For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
');
- exit;
- }
-
- /* Force UTF-8 */
- mysqli_query($connection, 'SET NAMES "utf8"');
-
- return $connection;
-}
-
-/**
- * Helper function for db_query().
- */
-function _db_query($query, $debug = 0) {
- global $active_db, $queries;
-
- if (variable_get('dev_query', 0)) {
- list($usec, $sec) = explode(' ', microtime());
- $timer = (float)$usec + (float)$sec;
- }
-
- $result = mysqli_query($active_db, $query);
-
- if (variable_get('dev_query', 0)) {
- $bt = debug_backtrace();
- $query = $bt[2]['function'] ."\n". $query;
- list($usec, $sec) = explode(' ', microtime());
- $stop = (float)$usec + (float)$sec;
- $diff = $stop - $timer;
- $queries[] = array($query, $diff);
- }
-
- if ($debug) {
- print 'query: '. $query .'
error:'. mysqli_error($active_db) .'
';
- }
-
- if (!mysqli_errno($active_db)) {
- return $result;
- }
- else {
- // Indicate to drupal_error_handler that this is a database error.
- ${DB_ERROR} = TRUE;
- trigger_error(check_plain(mysqli_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
- return FALSE;
- }
-}
-
-/**
- * Fetch one result row from the previous query as an object.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An object representing the next row of the result, or FALSE. The attributes
- * of this object are the table fields selected by the query.
- */
-function db_fetch_object($result) {
- if ($result) {
- $object = mysqli_fetch_object($result);
- return isset($object) ? $object : FALSE;
- }
-}
-
-/**
- * Fetch one result row from the previous query as an array.
- *
- * @param $result
- * A database query result resource, as returned from db_query().
- * @return
- * An associative array representing the next row of the result, or FALSE.
- * The keys of this object are the names of the table fields selected by the
- * query, and the values are the field values for this result row.
- */
-function db_fetch_array($result) {
- if ($result) {
- $array = mysqli_fetch_array($result, MYSQLI_ASSOC);
- return isset($array) ? $array : FALSE;
- }
-}
-
-/**
-* Return an individual result field from the previous query.
-*
-* Only use this function if exactly one field is being selected; otherwise,
-* use db_fetch_object() or db_fetch_array().
-*
-* @param $result
-* A database query result resource, as returned from db_query().
-* @return
-* The resulting field or FALSE.
-*/
-function db_result($result) {
- if ($result && mysqli_num_rows($result) > 0) {
- // The mysqli_fetch_row function has an optional second parameter $row
- // but that can't be used for compatibility with Oracle, DB2, etc.
- $array = mysqli_fetch_row($result);
- return $array[0];
- }
- return FALSE;
-}
-
-/**
- * Determine whether the previous query caused an error.
- */
-function db_error() {
- global $active_db;
- return mysqli_errno($active_db);
-}
-
-/**
- * Determine the number of rows changed by the preceding query.
- */
-function db_affected_rows() {
- global $active_db; /* mysqli connection resource */
- return mysqli_affected_rows($active_db);
-}
-
-/**
- * Runs a limited-range query in the active database.
- *
- * Use this as a substitute for db_query() when a subset of the query is to be
- * returned.
- * User-supplied arguments to the query should be passed in as separate parameters
- * so that they can be properly escaped to avoid SQL injection attacks.
- *
- * @param $query
- * A string containing an SQL query.
- * @param ...
- * A variable number of arguments which are substituted into the query
- * using printf() syntax. The query arguments can be enclosed in one
- * array instead.
- * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
- *
- * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
- * and TRUE values to decimal 1.
- *
- * @param $from
- * The first result row to return.
- * @param $count
- * The maximum number of result rows to return.
- * @return
- * A database query result resource, or FALSE if the query was not executed
- * correctly.
- */
-function db_query_range($query) {
- $args = func_get_args();
- $count = array_pop($args);
- $from = array_pop($args);
- array_shift($args);
-
- $query = db_prefix_tables($query);
- if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
- $args = $args[0];
- }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. (int)$from .', '. (int)$count;
- return _db_query($query);
-}
-
-/**
- * Runs a SELECT query and stores its results in a temporary table.
- *
- * Use this as a substitute for db_query() when the results need to stored
- * in a temporary table. Temporary tables exist for the duration of the page
- * request.
- * User-supplied arguments to the query should be passed in as separate parameters
- * so that they can be properly escaped to avoid SQL injection attacks.
- *
- * Note that if you need to know how many results were returned, you should do
- * a SELECT COUNT(*) on the temporary table afterwards. db_affected_rows() does
- * not give consistent result across different database types in this case.
- *
- * @param $query
- * A string containing a normal SELECT SQL query.
- * @param ...
- * A variable number of arguments which are substituted into the query
- * using printf() syntax. The query arguments can be enclosed in one
- * array instead.
- * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
- *
- * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
- * and TRUE values to decimal 1.
- *
- * @param $table
- * The name of the temporary table to select into. This name will not be
- * prefixed as there is no risk of collision.
- * @return
- * A database query result resource, or FALSE if the query was not executed
- * correctly.
- */
-function db_query_temporary($query) {
- $args = func_get_args();
- $tablename = array_pop($args);
- array_shift($args);
-
- $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
- if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
- $args = $args[0];
- }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- return _db_query($query);
-}
-
-/**
- * Returns a properly formatted Binary Large Object value.
- *
- * @param $data
- * Data to encode.
- * @return
- * Encoded data.
- */
-function db_encode_blob($data) {
- global $active_db;
- return "'". mysqli_real_escape_string($active_db, $data) ."'";
-}
-
-/**
- * Returns text from a Binary Large OBject value.
- *
- * @param $data
- * Data to decode.
- * @return
- * Decoded data.
- */
-function db_decode_blob($data) {
- return $data;
-}
-
-/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- */
-function db_escape_string($text) {
- global $active_db;
- return mysqli_real_escape_string($active_db, $text);
-}
-
-/**
- * Lock a table.
- */
-function db_lock_table($table) {
- db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE');
-}
-
-/**
- * Unlock all locked tables.
- */
-function db_unlock_tables() {
- db_query('UNLOCK TABLES');
-}
-
-/**
- * Check if a table exists.
- */
-function db_table_exists($table) {
- return db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_table($table) ."}'")) ? TRUE : FALSE;
-}
-
-/**
- * Check if a column exists in the given table.
- */
-function db_column_exists($table, $column) {
- return db_fetch_object(db_query("SHOW COLUMNS FROM {%s} LIKE '%s'", $table, $column)) ? TRUE : FALSE;
-}
-
-/**
- * Wraps the given table.field entry with a DISTINCT(). The wrapper is added to
- * the SELECT list entry of the given query and the resulting query is returned.
- * This function only applies the wrapper if a DISTINCT doesn't already exist in
- * the query.
- *
- * @param $table Table containing the field to set as DISTINCT
- * @param $field Field to set as DISTINCT
- * @param $query Query to apply the wrapper to
- * @return SQL query with the DISTINCT wrapper surrounding the given table.field.
- */
-function db_distinct_field($table, $field, $query) {
- $field_to_select = 'DISTINCT('. $table .'.'. $field .')';
- // (?cid);
- db_query("DELETE FROM {client} WHERE cid = %d", $client->cid);
+ db_query("DELETE FROM {client_system} WHERE cid = ?", $client->cid);
+ db_query("DELETE FROM {client} WHERE cid = ?", $client->cid);
}
}
@@ -160,20 +160,20 @@
*/
if ($client['link'] && $client['name'] && $client['mail'] && $client['slogan'] && $client['mission']) {
- $result = db_query("SELECT cid FROM {client} WHERE link = '%s'", $client['link']);
+ $result = db_query("SELECT cid FROM {client} WHERE link = ?", $client['link']);
if ($record = db_fetch_object($result)) {
$client['cid'] = $record->cid;
// We have an existing record.
- db_query("UPDATE {client} SET link = '%s', name = '%s', mail = '%s', slogan = '%s', mission = '%s', users = %d, nodes = %d, version = '%s', changed = '%s' WHERE cid = %d", $client['uid'], $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), $client['cid']);
+ db_query("UPDATE {client} SET link = ?, name = ?, mail = ?, slogan = ?, mission = ?, users = ?, nodes = ?, version = ?, changed = ? WHERE cid = ?", $client['uid'], $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), $client['cid']);
}
else {
- db_query("INSERT INTO {client} (link, name, mail, slogan, mission, users, nodes, version, created, changed) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), time());
+ db_query("INSERT INTO {client} (link, name, mail, slogan, mission, users, nodes, version, created, changed) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), time());
$client['cid'] = db_last_insert_id('client', 'cid');
}
if (is_array($system)) {
- db_query("DELETE FROM {client_system} WHERE cid = %d", $client['cid']);
+ db_query("DELETE FROM {client_system} WHERE cid = ?", $client['cid']);
foreach ($system as $item) {
- db_query("INSERT INTO {client_system} (cid, name, type) VALUES (%d, '%s', '%s')", $client['cid'], $item['name'], $item['type']);
+ db_query("INSERT INTO {client_system} (cid, name, type) VALUES (?, ?, ?)", $client['cid'], $item['name'], $item['type']);
}
}
watchdog('client ping', 'Ping from %name (%link).', array('%name' => $client['name'], '%link' => $client['link']), WATCHDOG_NOTICE, 'view');
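Review bot: The `UPDATE {client}` statement has ten `?` markers but eleven values, because `$client['uid']` is passed ahead of `$client['link']`. Every column is therefore bound one position off (`link` receives the uid, `name` receives the link, and so on), and `WHERE cid = ?` is compared against `time()`, so the existing row is never updated. The misalignment predates this change but is carried over unchanged, and positional binding is likely to reject the surplus value rather than ignore it. Dropping the leading `$client['uid']` argument lines the values up with the columns. The enclosing function begins above the hunk.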
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.851
diff -u -r1.851 user.module
--- modules/user/user.module 3 Oct 2007 13:01:04 -0000 1.851
+++ modules/user/user.module 5 Oct 2007 07:23:50 -0000
@@ -78,7 +78,7 @@
}
function user_external_load($authname) {
- $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
+ $result = db_query("SELECT uid FROM {authmap} WHERE authname = ?", $authname);
if ($user = db_fetch_array($result)) {
return user_load($user);
@@ -145,15 +145,15 @@
foreach ($array as $key => $value) {
if ($key == 'uid' || $key == 'status') {
- $query[] = "$key = %d";
+ $query[] = "$key = ?";
$params[] = $value;
}
else if ($key == 'pass') {
- $query[] = "pass = '%s'";
+ $query[] = "pass = ?";
$params[] = md5($value);
}
else {
- $query[]= "LOWER($key) = LOWER('%s')";
+ $query[]= "LOWER($key) = LOWER(?)";
$params[] = $value;
}
}
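Review bot: `$key` is still concatenated into the SQL as a column name in `"$key = ?"` and `"LOWER($key) = LOWER(?)"`, and a bound placeholder protects only the value, never the identifier. Whether a caller can influence the keys of `$array` is not visible in this hunk. An allow-list check at the top of the loop body would make the assumption explicit, e.g. `if (!in_array($key, $allowed_fields, TRUE)) { continue; }`, where `$allowed_fields` is a list of permitted columns that would have to be defined. The loop's enclosing function begins above the hunk.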
@@ -169,7 +169,7 @@
else {
$user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
}
- $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
+ $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = ?', $user->uid);
while ($role = db_fetch_object($result)) {
$user->roles[$role->rid] = $role->name;
}
@@ -202,16 +202,16 @@
if (is_object($account) && $account->uid) {
user_module_invoke('update', $array, $account, $category);
$query = '';
- $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
+ $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = ?', $account->uid)));
foreach ($array as $key => $value) {
if ($key == 'pass' && !empty($value)) {
- $query .= "$key = '%s', ";
+ $query .= "$key = ?, ";
$v[] = md5($value);
}
else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
if (in_array($key, $user_fields)) {
// Save standard fields
- $query .= "$key = '%s', ";
+ $query .= "$key = ?, ";
$v[] = $value;
}
else if ($key != 'roles') {
@@ -225,18 +225,18 @@
}
}
}
- $query .= "data = '%s' ";
+ $query .= "data = ? ";
$v[] = serialize($data);
- db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
+ db_query("UPDATE {users} SET $query WHERE uid = ?", array_merge($v, array($account->uid)));
// Reload user roles if provided
if (isset($array['roles']) && is_array($array['roles'])) {
- db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
+ db_query('DELETE FROM {users_roles} WHERE uid = ?', $account->uid);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
- db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
+ db_query('INSERT INTO {users_roles} (uid, rid) VALUES (?, ?)', $account->uid, $rid);
}
}
}
@@ -278,20 +278,20 @@
case 'pass':
$fields[] = $key;
$values[] = md5($value);
- $s[] = "'%s'";
+ $s[] = "?";
break;
case 'mode': case 'sort': case 'timezone':
case 'threshold': case 'created': case 'access':
case 'login': case 'status':
$fields[] = $key;
$values[] = $value;
- $s[] = "%d";
+ $s[] = "?";
break;
default:
if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
$fields[] = $key;
$values[] = $value;
- $s[] = "'%s'";
+ $s[] = "?";
}
break;
}
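Review bot: The `mode`/`sort`/`timezone`/… branch used `%d`, which forced those values to integers, and now emits the same `?` as the string branches. Unless the new database layer types bound values itself (not visible in this hunk), these columns now receive whatever the caller passed. Casting at the point of collection keeps the old guarantee: `$values[] = (int) $value;`. After this change the integer branch differs from `default` only in skipping the `in_array($key, $user_fields)` check, which deserves a short comment such as `// Integer columns: always saved, cast explicitly.` The enclosing function starts and ends outside the hunk.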
@@ -311,14 +311,14 @@
$data[$key] = $value;
}
}
- db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
+ db_query("UPDATE {users} SET data = ? WHERE uid = ?", serialize($data), $user->uid);
// Save user roles (delete just to be safe).
if (isset($array['roles']) && is_array($array['roles'])) {
- db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
+ db_query('DELETE FROM {users_roles} WHERE uid = ?', $array['uid']);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
- db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
+ db_query('INSERT INTO {users_roles} (uid, rid) VALUES (?, ?)', $array['uid'], $rid);
}
}
}
@@ -474,7 +474,7 @@
* @return boolean TRUE for blocked users, FALSE for active
*/
function user_is_blocked($name) {
- $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
+ $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER(?)", $name));
return $deny;
}
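Review bot: The blocked-user lookup compares the stored column directly with the lowercased input, `name = LOWER(?)`, while the uniqueness checks elsewhere in this patch use `LOWER(name) = LOWER(?)`. On a case-sensitive collation, a blocked account whose stored name contains uppercase letters would not match, and `user_is_blocked()` would report it as not blocked. Suggest `WHERE status = 0 AND LOWER(name) = LOWER(?)` so the check does not depend on the database's collation.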
@@ -718,7 +718,7 @@
// Perform database queries to gather online user lists. We use s.timestamp
// rather than u.access because it is much faster.
$anonymous_count = sess_count($interval);
- $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
+ $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= ? AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
$authenticated_count = 0;
$max_users = variable_get('user_block_max_list_count', 10);
$items = array();
@@ -1087,7 +1087,7 @@
* array of modules and DA names. Called at external login.
*/
function user_get_authmaps($authname = NULL) {
- $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
+ $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = ?", $authname);
$authmaps = array();
$has_rows = FALSE;
while ($authmap = db_fetch_object($result)) {
@@ -1101,13 +1101,13 @@
foreach ($authmaps as $key => $value) {
$module = explode('_', $key, 2);
if ($value) {
- db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $value, $account->uid, $module[1]);
- if (!db_affected_rows()) {
- db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $value, $account->uid, $module[1]);
+ $result = db_query("UPDATE {authmap} SET authname = ? WHERE uid = ? AND module = ?", $value, $account->uid, $module[1]);
+ if (!db_affected_rows($result)) {
+ db_query("INSERT INTO {authmap} (authname, uid, module) VALUES (?, ?, ?)", $value, $account->uid, $module[1]);
}
}
else {
- db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module[1]);
+ db_query("DELETE FROM {authmap} WHERE uid = ? AND module = ?", $account->uid, $module[1]);
}
}
}
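Review bot: The INSERT is still gated on `!db_affected_rows($result)`, which conflates "no row exists" with "row exists but nothing changed". Where the driver counts only modified rows (MySQL's default behaviour), re-saving an unchanged `authname` reports 0 and falls through to the INSERT, producing a duplicate row or a key violation depending on the `{authmap}` schema, which is not visible here. A form that does not depend on affected-row semantics is to run `db_query("DELETE FROM {authmap} WHERE uid = ? AND module = ?", $account->uid, $module[1]);` and then always INSERT when `$value` is set. The enclosing function starts outside the hunk.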
@@ -1236,7 +1236,7 @@
watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
// Update the user table timestamp noting user has logged in.
- db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
+ db_query("UPDATE {users} SET login = ? WHERE uid = ?", time(), $user->uid);
user_module_invoke('login', $form_state['values'], $user);
@@ -1364,7 +1364,7 @@
if ($error = user_validate_name($edit['name'])) {
form_set_error('name', $error);
}
- else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
+ else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != ? AND LOWER(name) = LOWER(?)", $uid, $edit['name'])) > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
}
else if (drupal_is_denied('user', $edit['name'])) {
@@ -1376,7 +1376,7 @@
if ($error = user_validate_mail($edit['mail'])) {
form_set_error('mail', $error);
}
- else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
+ else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != ? AND LOWER(mail) = LOWER(?)", $uid, $edit['mail'])) > 0) {
form_set_error('mail', t('The e-mail address %email is already registered. Have you forgotten your password?', array('%email' => $edit['mail'], '@password' => url('user/password'))));
}
else if (drupal_is_denied('mail', $edit['mail'])) {
@@ -1408,9 +1408,9 @@
$account = user_load(array('uid' => $uid));
sess_destroy_uid($uid);
_user_mail_notify('status_deleted', $account);
- db_query('DELETE FROM {users} WHERE uid = %d', $uid);
- db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
- db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);
+ db_query('DELETE FROM {users} WHERE uid = ?', $uid);
+ db_query('DELETE FROM {users_roles} WHERE uid = ?', $uid);
+ db_query('DELETE FROM {authmap} WHERE uid = ?', $uid);
$variables = array('%name' => $account->name, '%email' => '<'. $account->mail .'>');
watchdog('user', 'Deleted user: %name %email.', $variables, WATCHDOG_NOTICE);
drupal_set_message(t('%name has been deleted.', $variables));
@@ -1625,7 +1625,7 @@
function user_multiple_role_edit($accounts, $operation, $rid) {
// The role name is not necessary as user_save() will reload the user
// object, but some modules' hook_user() may look at this first.
- $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
+ $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = ?', $rid));
switch ($operation) {
case 'add_role':
@@ -1657,7 +1657,7 @@
$form['accounts'] = array('#prefix' => '', '#tree' => TRUE);
// array_filter returns only elements with TRUE values
foreach (array_filter($edit['accounts']) as $uid => $value) {
- $user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
+ $user = db_result(db_query('SELECT name FROM {users} WHERE uid = ?', $uid));
$form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '- ', '#suffix' => check_plain($user) ."
\n");
}
$form['operation'] = array('#type' => 'hidden', '#value' => 'delete');
@@ -1745,7 +1745,7 @@
if (count($roles)) {
$filters['role'] = array(
'title' => t('role'),
- 'where' => "ur.rid = %d",
+ 'where' => "ur.rid = ?",
'options' => $roles,
'join' => '',
);
@@ -1770,7 +1770,7 @@
$filters['status'] = array(
'title' => t('status'),
- 'where' => 'u.status = %d',
+ 'where' => 'u.status = ?',
'join' => '',
'options' => array(1 => t('active'), 0 => t('blocked')),
);
@@ -2048,7 +2048,7 @@
global $user;
$uid = $user->uid;
}
- db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
+ db_query("UPDATE {users} SET status = 0 WHERE uid = ?", $uid);
sess_destroy_uid($uid);
watchdog('action', 'Blocked user %name.', array('%name' => check_plain($user->name)));
}
@@ -2059,7 +2059,7 @@
*/
function user_block_ip_action() {
$ip = ip_address();
- db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $ip, 'host', 0);
+ db_query("INSERT INTO {access} (mask, type, status) VALUES (?, ?, ?)", $ip, 'host', 0);
watchdog('action', 'Banned IP address %ip', array('%ip' => $ip));
}
Index: modules/user/user.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 user.pages.inc
--- modules/user/user.pages.inc 10 Sep 2007 13:14:38 -0000 1.1
+++ modules/user/user.pages.inc 5 Oct 2007 07:23:50 -0000
@@ -98,7 +98,7 @@
watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
// Update the user table noting user has logged in.
// And this also makes this hashed password a one-time-only login.
- db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $account->uid);
+ db_query("UPDATE {users} SET login = ? WHERE uid = ?", time(), $account->uid);
// Now we can set the new user.
$user = $account;
// And proceed with normal login, going to user page.
Index: modules/user/user.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.admin.inc,v
retrieving revision 1.5
diff -u -r1.5 user.admin.inc
--- modules/user/user.admin.inc 2 Oct 2007 16:03:17 -0000 1.5
+++ modules/user/user.admin.inc 5 Oct 2007 07:23:50 -0000
@@ -173,7 +173,7 @@
$form['name'][$account->uid] = array('#value' => theme('username', $account));
$form['status'][$account->uid] = array('#value' => $status[$account->status]);
$users_roles = array();
- $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = %d', $account->uid);
+ $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = ?', $account->uid);
while ($user_role = db_fetch_object($roles_result)) {
$users_roles[] = $roles[$user_role->rid];
}
@@ -493,7 +493,7 @@
*/
function user_admin_perm($form_state, $rid = NULL) {
if (is_numeric($rid)) {
- $result = db_query('SELECT r.rid, p.perm FROM {role} r LEFT JOIN {permission} p ON r.rid = p.rid WHERE r.rid = %d', $rid);
+ $result = db_query('SELECT r.rid, p.perm FROM {role} r LEFT JOIN {permission} p ON r.rid = p.rid WHERE r.rid = ?', $rid);
}
else {
$result = db_query('SELECT r.rid, p.perm FROM {role} r LEFT JOIN {permission} p ON r.rid = p.rid ORDER BY name');
@@ -508,7 +508,7 @@
}
if (is_numeric($rid)) {
- $result = db_query('SELECT rid, name FROM {role} r WHERE r.rid = %d ORDER BY name', $rid);
+ $result = db_query('SELECT rid, name FROM {role} r WHERE r.rid = ? ORDER BY name', $rid);
}
else {
$result = db_query('SELECT rid, name FROM {role} ORDER BY name');
@@ -558,10 +558,10 @@
if (isset($form_state['values'][$role->rid])) {
// Delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere.
- db_query('DELETE FROM {permission} WHERE rid = %d', $role->rid);
+ db_query('DELETE FROM {permission} WHERE rid = ?', $role->rid);
$form_state['values'][$role->rid] = array_filter($form_state['values'][$role->rid]);
if (count($form_state['values'][$role->rid])) {
- db_query("INSERT INTO {permission} (rid, perm) VALUES (%d, '%s')", $role->rid, implode(', ', array_keys($form_state['values'][$role->rid])));
+ db_query("INSERT INTO {permission} (rid, perm) VALUES (?, ?)", $role->rid, implode(', ', array_keys($form_state['values'][$role->rid])));
}
}
}
@@ -624,7 +624,7 @@
drupal_goto('admin/user/roles');
}
// Display the edit role form.
- $role = db_fetch_object(db_query('SELECT * FROM {role} WHERE rid = %d', $id));
+ $role = db_fetch_object(db_query('SELECT * FROM {role} WHERE rid = ?', $id));
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Role name'),
@@ -666,12 +666,12 @@
function user_admin_role_validate($form, &$form_state) {
if ($form_state['values']['name']) {
if ($form_state['values']['op'] == t('Save role')) {
- if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s' AND rid != %d", $form_state['values']['name'], $form_state['values']['rid']))) {
+ if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = ? AND rid != ?", $form_state['values']['name'], $form_state['values']['rid']))) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
else if ($form_state['values']['op'] == t('Add role')) {
- if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s'", $form_state['values']['name']))) {
+ if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = ?", $form_state['values']['name']))) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
@@ -683,19 +683,19 @@
function user_admin_role_submit($form, &$form_state) {
if ($form_state['values']['op'] == t('Save role')) {
- db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $form_state['values']['name'], $form_state['values']['rid']);
+ db_query("UPDATE {role} SET name = ? WHERE rid = ?", $form_state['values']['name'], $form_state['values']['rid']);
drupal_set_message(t('The role has been renamed.'));
}
else if ($form_state['values']['op'] == t('Delete role')) {
- db_query('DELETE FROM {role} WHERE rid = %d', $form_state['values']['rid']);
- db_query('DELETE FROM {permission} WHERE rid = %d', $form_state['values']['rid']);
+ db_query('DELETE FROM {role} WHERE rid = ?', $form_state['values']['rid']);
+ db_query('DELETE FROM {permission} WHERE rid = ?', $form_state['values']['rid']);
// Update the users who have this role set:
- db_query('DELETE FROM {users_roles} WHERE rid = %d', $form_state['values']['rid']);
+ db_query('DELETE FROM {users_roles} WHERE rid = ?', $form_state['values']['rid']);
drupal_set_message(t('The role has been deleted.'));
}
else if ($form_state['values']['op'] == t('Add role')) {
- db_query("INSERT INTO {role} (name) VALUES ('%s')", $form_state['values']['name']);
+ db_query("INSERT INTO {role} (name) VALUES (?)", $form_state['values']['name']);
drupal_set_message(t('The role has been added.'));
}
$form_state['redirect'] = 'admin/user/roles';
@@ -721,7 +721,7 @@
form_set_error('mask', t('You must enter a mask.'));
}
else {
- db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $edit['mask'], $edit['type'], $edit['status']);
+ db_query("INSERT INTO {access} (mask, type, status) VALUES (?, ?, ?)", $edit['mask'], $edit['type'], $edit['status']);
$aid = db_last_insert_id('access', 'aid');
drupal_set_message(t('The access rule has been added.'));
drupal_goto('admin/user/rules');
@@ -743,13 +743,13 @@
form_set_error('mask', t('You must enter a mask.'));
}
else {
- db_query("UPDATE {access} SET mask = '%s', type = '%s', status = '%s' WHERE aid = %d", $edit['mask'], $edit['type'], $edit['status'], $aid);
+ db_query("UPDATE {access} SET mask = ?, type = ?, status = ? WHERE aid = ?", $edit['mask'], $edit['type'], $edit['status'], $aid);
drupal_set_message(t('The access rule has been saved.'));
drupal_goto('admin/user/rules');
}
}
else {
- $edit = db_fetch_array(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = %d', $aid));
+ $edit = db_fetch_array(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = ?', $aid));
}
return drupal_get_form('user_admin_access_edit_form', $edit, t('Save rule'));
}
@@ -865,7 +865,7 @@
*/
function user_admin_access_delete_confirm($form_state, $aid = 0) {
$access_types = array('user' => t('username'), 'mail' => t('e-mail'), 'host' => t('host'));
- $edit = db_fetch_object(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = %d', $aid));
+ $edit = db_fetch_object(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = ?', $aid));
$form = array();
$form['aid'] = array('#type' => 'hidden', '#value' => $aid);
@@ -879,7 +879,7 @@
}
function user_admin_access_delete_confirm_submit($form, &$form_state) {
- db_query('DELETE FROM {access} WHERE aid = %d', $form_state['values']['aid']);
+ db_query('DELETE FROM {access} WHERE aid = ?', $form_state['values']['aid']);
drupal_set_message(t('The access rule has been deleted.'));
$form_state['redirect'] = 'admin/user/rules';
return;
Index: modules/php/php.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/php/php.install,v
retrieving revision 1.1
diff -u -r1.1 php.install
--- modules/php/php.install 24 Apr 2007 10:54:34 -0000 1.1
+++ modules/php/php.install 5 Oct 2007 07:23:48 -0000
@@ -15,7 +15,7 @@
$format = db_result(db_query("SELECT MAX(format) FROM {filter_formats}"));
// Enable the PHP evaluator filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, 'php', 0, 0)", $format);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, 'php', 0, 0)", $format);
drupal_set_message(t('A !php-code input format has been created.', array('!php-code' => l('PHP code', 'admin/settings/filters/'. $format))));
}
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.535
diff -u -r1.535 system.module
--- modules/system/system.module 4 Oct 2007 18:51:04 -0000 1.535
+++ modules/system/system.module 5 Oct 2007 07:23:49 -0000
@@ -489,13 +489,13 @@
function system_admin_menu_block($item) {
$content = array();
if (!isset($item['mlid'])) {
- $item += db_fetch_array(db_query("SELECT mlid, menu_name FROM {menu_links} ml WHERE ml.router_path = '%s' AND module = 'system'", $item['path']));
+ $item += db_fetch_array(db_query("SELECT mlid, menu_name FROM {menu_links} ml WHERE ml.router_path = ? AND module = 'system'", $item['path']));
}
$result = db_query("
SELECT m.*, ml.*
FROM {menu_links} ml
INNER JOIN {menu_router} m ON ml.router_path = m.path
- WHERE ml.plid = %d AND ml.menu_name = '%s' AND hidden = 0", $item['mlid'], $item['menu_name']);
+ WHERE ml.plid = ? AND ml.menu_name = ? AND hidden = 0", $item['mlid'], $item['menu_name']);
while ($item = db_fetch_array($result)) {
_menu_link_translate($item);
if (!$item['access']) {
@@ -518,7 +518,7 @@
function system_admin_theme_submit($form, &$form_state) {
// If we're changing themes, make sure the theme has its blocks initialized.
if ($form_state['values']['admin_theme'] && $form_state['values']['admin_theme'] != variable_get('admin_theme', '0')) {
- $result = db_result(db_query("SELECT COUNT(*) FROM {blocks} WHERE theme = '%s'", $form_state['values']['admin_theme']));
+ $result = db_result(db_query("SELECT COUNT(*) FROM {blocks} WHERE theme = ?", $form_state['values']['admin_theme']));
if (!$result) {
system_initialize_theme_blocks($form_state['values']['admin_theme']);
}
@@ -607,7 +607,7 @@
*/
function system_get_files_database(&$files, $type) {
// Extract current files from database.
- $result = db_query("SELECT filename, name, type, status, throttle, schema_version FROM {system} WHERE type = '%s'", $type);
+ $result = db_query("SELECT filename, name, type, status, throttle, schema_version FROM {system} WHERE type = ?", $type);
while ($file = db_fetch_object($result)) {
if (isset($files[$file->name]) && is_object($files[$file->name])) {
$file->old_filename = $file->filename;
@@ -663,13 +663,13 @@
$engines = drupal_system_listing('\.engine$', 'themes/engines');
// Remove all theme engines from the system table
- db_query("DELETE FROM {system} WHERE type = '%s'", 'theme_engine');
+ db_query("DELETE FROM {system} WHERE type = ?", 'theme_engine');
foreach ($engines as $engine) {
// Insert theme engine into system table
drupal_get_filename('theme_engine', $engine->name, $engine->filename);
drupal_load('theme_engine', $engine->name);
- db_query("INSERT INTO {system} (name, type, filename, status, throttle, bootstrap) VALUES ('%s', '%s', '%s', %d, %d, %d)", $engine->name, 'theme_engine', $engine->filename, 1, 0, 0);
+ db_query("INSERT INTO {system} (name, type, filename, status, throttle, bootstrap) VALUES (?, ?, ?, ?, ?, ?)", $engine->name, 'theme_engine', $engine->filename, 1, 0, 0);
}
$defaults = system_theme_default();
@@ -754,7 +754,7 @@
$theme->owner = '';
}
- db_query("INSERT INTO {system} (name, owner, info, type, filename, status, throttle, bootstrap) VALUES ('%s', '%s', '%s', '%s', '%s', %d, %d, %d)", $theme->name, $theme->owner, serialize($theme->info), 'theme', $theme->filename, isset($theme->status) ? $theme->status : 0, 0, 0);
+ db_query("INSERT INTO {system} (name, owner, info, type, filename, status, throttle, bootstrap) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $theme->name, $theme->owner, serialize($theme->info), 'theme', $theme->filename, isset($theme->status) ? $theme->status : 0, 0, 0);
}
return $themes;
@@ -798,7 +798,7 @@
static $list = array();
if (!array_key_exists($theme_key, $list)) {
- $info = unserialize(db_result(db_query("SELECT info FROM {system} WHERE type = 'theme' AND name = '%s'", $theme_key)));
+ $info = unserialize(db_result(db_query("SELECT info FROM {system} WHERE type = 'theme' AND name = ?", $theme_key)));
$list[$theme_key] = array_map('t', $info['regions']);
}
@@ -831,16 +831,16 @@
*/
function system_initialize_theme_blocks($theme) {
// Initialize theme's blocks if none already registered.
- if (!(db_result(db_query("SELECT COUNT(*) FROM {blocks} WHERE theme = '%s'", $theme)))) {
+ if (!(db_result(db_query("SELECT COUNT(*) FROM {blocks} WHERE theme = ?", $theme)))) {
$default_theme = variable_get('theme_default', 'garland');
$regions = system_region_list($theme);
- $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s'", $default_theme);
+ $result = db_query("SELECT * FROM {blocks} WHERE theme = ?", $default_theme);
while ($block = db_fetch_array($result)) {
// If the region isn't supported by the theme, assign the block to the theme's default region.
if (!array_key_exists($block['region'], $regions)) {
$block['region'] = system_default_region($theme);
}
- db_query("INSERT INTO {blocks} (module, delta, theme, status, weight, region, visibility, pages, custom, throttle, cache) VALUES ('%s', '%s', '%s', %d, %d, '%s', %d, '%s', %d, %d, %d)",
+ db_query("INSERT INTO {blocks} (module, delta, theme, status, weight, region, visibility, pages, custom, throttle, cache) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
$block['module'], $block['delta'], $theme, $block['status'], $block['weight'], $block['region'], $block['visibility'], $block['pages'], $block['custom'], $block['throttle'], $block['cache']);
}
}
@@ -1041,12 +1041,12 @@
*/
function system_cron() {
// Cleanup the flood.
- db_query('DELETE FROM {flood} WHERE timestamp < %d', time() - 3600);
+ db_query('DELETE FROM {flood} WHERE timestamp < ?', time() - 3600);
// Cleanup the batch table.
- db_query('DELETE FROM {batch} WHERE timestamp < %d', time() - 864000);
+ db_query('DELETE FROM {batch} WHERE timestamp < ?', time() - 864000);
// Remove temporary files that are older than DRUPAL_MAXIMUM_TEMP_FILE_AGE.
- $result = db_query('SELECT * FROM {files} WHERE status = %s and timestamp < %d', FILE_STATUS_TEMPORARY, time() - DRUPAL_MAXIMUM_TEMP_FILE_AGE);
+ $result = db_query('SELECT * FROM {files} WHERE status = %s and timestamp < ?', FILE_STATUS_TEMPORARY, time() - DRUPAL_MAXIMUM_TEMP_FILE_AGE);
while ($file = db_fetch_object($result)) {
if (file_exists($file->filepath)) {
// If files that exist cannot be deleted, continue so the database remains
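Review bot: The temporary-files SELECT was only half converted: `status = %s and timestamp < ?` keeps a printf-style `%s` next to the new `?`, so the statement now has one placeholder but is passed two arguments. Depending on how the new `db_query()` treats leftover `%s` (not visible here), this either fails to prepare or binds `FILE_STATUS_TEMPORARY` to the timestamp comparison, and cron would stop cleaning temporary files or select the wrong ones. Suggest `'SELECT * FROM {files} WHERE status = ? and timestamp < ?'`. `system_cron()` continues past the end of this hunk.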
@@ -1056,7 +1056,7 @@
continue;
}
}
- db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
+ db_query('DELETE FROM {files} WHERE fid = ?', $file->fid);
}
}
@@ -1231,7 +1231,7 @@
if (is_numeric($action)) {
$aid = $action;
// Load stored parameter values from database.
- $data = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = %d", intval($aid)));
+ $data = db_fetch_object(db_query("SELECT * FROM {actions} WHERE aid = ?", intval($aid)));
$edit['actions_description'] = $data->description;
$edit['actions_type'] = $data->type;
$function = $data->callback;
Index: modules/system/system.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v
retrieving revision 1.13
diff -u -r1.13 system.admin.inc
--- modules/system/system.admin.inc 4 Oct 2007 18:51:04 -0000 1.13
+++ modules/system/system.admin.inc 5 Oct 2007 07:23:49 -0000
@@ -27,7 +27,7 @@
SELECT m.*, ml.*
FROM {menu_links} ml
INNER JOIN {menu_router} m ON ml.router_path = m.path
- WHERE ml.link_path != 'admin/help' AND menu_name = '%s' AND ml.plid = %d AND hidden = 0", $admin);
+ WHERE ml.link_path != 'admin/help' AND menu_name = ? AND ml.plid = ? AND hidden = 0", array_values($admin));
while ($item = db_fetch_array($result)) {
_menu_link_translate($item);
if (!$item['access']) {
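Review bot: Binding `array_values($admin)` makes the query depend on the column order of whatever statement populated `$admin`, which is outside this hunk. If that SELECT ever lists `mlid` before `menu_name`, the two values are swapped silently and the query simply returns no rows. Naming the values keeps the binding tied to the placeholders: `$admin['menu_name'], $admin['mlid']` (assuming those are the keys; confirm against the earlier query).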
@@ -259,7 +259,7 @@
if ($choice || $form_state['values']['theme_default'] == $key) {
system_initialize_theme_blocks($key);
$new_theme_list[] = $key;
- db_query("UPDATE {system} SET status = 1 WHERE type = 'theme' and name = '%s'", $key);
+ db_query("UPDATE {system} SET status = 1 WHERE type = 'theme' and name = ?", $key);
}
}
}
@@ -798,7 +798,7 @@
// Update throttle settings, if present
if (isset($form_state['values']['throttle'])) {
foreach ($form_state['values']['throttle'] as $key => $choice) {
- db_query("UPDATE {system} SET throttle = %d WHERE type = 'module' and name = '%s'", $choice ? 1 : 0, $key);
+ db_query("UPDATE {system} SET throttle = ? WHERE type = 'module' and name = ?", $choice ? 1 : 0, $key);
}
}
@@ -924,7 +924,7 @@
$form = array();
// Pull all disabled modules from the system table.
- $disabled_modules = db_query("SELECT name, filename, info FROM {system} WHERE type = 'module' AND status = 0 AND schema_version > %d ORDER BY name", SCHEMA_UNINSTALLED);
+ $disabled_modules = db_query("SELECT name, filename, info FROM {system} WHERE type = 'module' AND status = 0 AND schema_version > ? ORDER BY name", SCHEMA_UNINSTALLED);
while ($module = db_fetch_object($disabled_modules)) {
// Grab the module info
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.158
diff -u -r1.158 system.install
--- modules/system/system.install 3 Oct 2007 13:19:19 -0000 1.158
+++ modules/system/system.install 5 Oct 2007 07:23:49 -0000
@@ -246,56 +246,56 @@
// uid 2 which is not what we want. So we insert the first user here, the
// anonymous user. uid is 1 here for now, but very soon it will be changed
// to 0.
- db_query("INSERT INTO {users} (name, mail) VALUES('%s', '%s')", '', '');
+ db_query("INSERT INTO {users} (name, mail) VALUES(?, ?)", '', '');
// We need some placeholders here as name and mail are uniques and data is
// presumed to be a serialized array. Install will change uid 1 immediately
// anyways. So we insert the superuser here, the uid is 2 here for now, but
// very soon it will be changed to 1.
- db_query("INSERT INTO {users} (name, mail, created, data) VALUES('%s', '%s', %d, '%s')", 'placeholder-for-uid-1', 'placeholder-for-uid-1', time(), serialize(array()));
+ db_query("INSERT INTO {users} (name, mail, created, data) VALUES(?, ?, ?, ?)", 'placeholder-for-uid-1', 'placeholder-for-uid-1', time(), serialize(array()));
// This sets the above two users to 1 -1 = 0 (anonymous) and
// 2- 1 = 1 (superuser). We skip uid 2 but that's not a big problem.
db_query('UPDATE {users} SET uid = uid - 1');
- db_query("INSERT INTO {role} (name) VALUES ('%s')", 'anonymous user');
- db_query("INSERT INTO {role} (name) VALUES ('%s')", 'authenticated user');
+ db_query("INSERT INTO {role} (name) VALUES (?)", 'anonymous user');
+ db_query("INSERT INTO {role} (name) VALUES (?)", 'authenticated user');
- db_query("INSERT INTO {permission} (rid, perm, tid) VALUES (%d, '%s', %d)", 1, 'access content', 0);
- db_query("INSERT INTO {permission} (rid, perm, tid) VALUES (%d, '%s', %d)", 2, 'access comments, access content, post comments, post comments without approval', 0);
+ db_query("INSERT INTO {permission} (rid, perm, tid) VALUES (?, ?, ?)", 1, 'access content', 0);
+ db_query("INSERT INTO {permission} (rid, perm, tid) VALUES (?, ?, ?)", 2, 'access comments, access content, post comments, post comments without approval', 0);
- db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", 'theme_default', 's:7:"garland";');
- db_query("UPDATE {system} SET status = %d WHERE type = '%s' AND name = '%s'", 1, 'theme', 'garland');
- db_query("INSERT INTO {blocks} (module, delta, theme, status, pages) VALUES ('%s', '%s', '%s', %d, '%s')", 'user', '0', 'garland', 1, '');
- db_query("INSERT INTO {blocks} (module, delta, theme, status, pages) VALUES ('%s', '%s', '%s', %d, '%s')", 'user', '1', 'garland', 1, '');
+ db_query("INSERT INTO {variable} (name, value) VALUES (?, ?)", 'theme_default', 's:7:"garland";');
+ db_query("UPDATE {system} SET status = ? WHERE type = ? AND name = ?", 1, 'theme', 'garland');
+ db_query("INSERT INTO {blocks} (module, delta, theme, status, pages) VALUES (?, ?, ?, ?, ?)", 'user', '0', 'garland', 1, '');
+ db_query("INSERT INTO {blocks} (module, delta, theme, status, pages) VALUES (?, ?, ?, ?, ?)", 'user', '1', 'garland', 1, '');
- db_query("INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete) VALUES (%d, %d, '%s', %d, %d, %d)", 0, 0, 'all', 1, 0, 0);
+ db_query("INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete) VALUES (?, ?, ?, ?, ?, ?)", 0, 0, 'all', 1, 0, 0);
// Add input formats.
- db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('%s', '%s', %d)", 'Filtered HTML', ',1,2,', 1);
- db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('%s', '%s', %d)", 'Full HTML', '', 1);
+ db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES (?, ?, ?)", 'Filtered HTML', ',1,2,', 1);
+ db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES (?, ?, ?)", 'Full HTML', '', 1);
// Enable filters for each input format.
// Filtered HTML:
// URL filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 1, 'filter', 2, 0);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 1, 'filter', 2, 0);
// HTML filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 1, 'filter', 0, 1);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 1, 'filter', 0, 1);
// Line break filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 1, 'filter', 1, 2);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 1, 'filter', 1, 2);
// HTML corrector filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 1, 'filter', 3, 10);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 1, 'filter', 3, 10);
// Full HTML:
// URL filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 2, 'filter', 2, 0);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 2, 'filter', 2, 0);
// Line break filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 2, 'filter', 1, 1);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 2, 'filter', 1, 1);
// HTML corrector filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", 1, 'filter', 3, 10);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", 1, 'filter', 3, 10);
- db_query("INSERT INTO {variable} (name, value) VALUES ('%s','%s')", 'filter_html_1', 'i:1;');
+ db_query("INSERT INTO {variable} (name, value) VALUES (?,?)", 'filter_html_1', 'i:1;');
- db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", 'node_options_forum', 'a:1:{i:0;s:6:"status";}');
+ db_query("INSERT INTO {variable} (name, value) VALUES (?, ?)", 'node_options_forum', 'a:1:{i:0;s:6:"status";}');
}
// Updates for core
@@ -482,13 +482,13 @@
if (isset($arr2[0]) && isset($arr2[1])) {
switch ($arr2[1]) {
case '+ 1':
- db_query("INSERT INTO {queue} (nid, uid, vote) VALUES (%d, %d, %d)", $node->nid, (int)$arr2[0], 1);
+ db_query("INSERT INTO {queue} (nid, uid, vote) VALUES (?, ?, ?)", $node->nid, (int)$arr2[0], 1);
break;
case '- 1':
- db_query("INSERT INTO {queue} (nid, uid, vote) VALUES (%d, %d, %d)", $node->nid, (int)$arr2[0], -1);
+ db_query("INSERT INTO {queue} (nid, uid, vote) VALUES (?, ?, ?)", $node->nid, (int)$arr2[0], -1);
break;
default:
- db_query("INSERT INTO {queue} (nid, uid, vote) VALUES (%d, %d, %d)", $node->nid, (int)$arr2[0], 0);
+ db_query("INSERT INTO {queue} (nid, uid, vote) VALUES (?, ?, ?)", $node->nid, (int)$arr2[0], 0);
}
}
}
@@ -544,7 +544,7 @@
}
foreach ($node_types as $vid => $type_array) {
foreach ($type_array as $type) {
- db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (%d, '%s')", $vid, $type);
+ db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (?, ?)", $vid, $type);
}
}
if ($GLOBALS['db_type'] == 'mysql') {
@@ -593,7 +593,7 @@
list(, $page, $op, $uid) = explode('/', $alias->src);
if ($page == 'feed') {
$new = "blog/$uid/feed";
- update_sql("UPDATE {url_alias} SET src = '%s' WHERE pid = '%s'", $new, $alias->pid);
+ update_sql("UPDATE {url_alias} SET src = ? WHERE pid = ?", $new, $alias->pid);
}
}
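Review bot: `update_sql()` is handed bind arguments here (`$new`, `$alias->pid`), while every other visible call in this file passes it a finished SQL string and collects the result in `$ret`. If `update_sql()` does not forward extra arguments to the query layer (its definition is not in this diff), the two `?` markers stay unbound and the statement fails. Calling `db_query("UPDATE {url_alias} SET src = ? WHERE pid = ?", $new, $alias->pid);` directly, as the neighbouring hunks do, avoids depending on that. The enclosing update function starts and ends outside this hunk.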
@@ -680,8 +680,8 @@
// fill table
$result = db_query("SELECT c.nid, c.timestamp, c.name, c.uid, COUNT(c.nid) as comment_count FROM {node} n LEFT JOIN {comments} c ON c.nid = n.nid WHERE c.status = 0 GROUP BY c.nid, c.timestamp, c.name, c.uid");
while ($comment_record = db_fetch_object($result)) {
- $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = %d AND status = 0', $comment_record->nid));
- db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = '%s', last_comment_uid = %d WHERE nid = %d", $count, $comment_record->timestamp, $comment_record->name, $comment_record->uid, $comment_record->nid);
+ $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = ? AND status = 0', $comment_record->nid));
+ db_query("UPDATE {node_comment_statistics} SET comment_count = ?, last_comment_timestamp = ?, last_comment_name = ?, last_comment_uid = ? WHERE nid = ?", $count, $comment_record->timestamp, $comment_record->name, $comment_record->uid, $comment_record->nid);
}
return $ret;
@@ -833,7 +833,7 @@
$result = db_query("SELECT delta FROM {blocks} WHERE module = 'aggregator'");
while ($block = db_fetch_object($result)) {
list($type, $id) = explode(':', $block->delta);
- db_query("UPDATE {blocks} SET delta = '%s' WHERE module = 'aggregator' AND delta = '%s'", $type .'-'. $id, $block->delta);
+ db_query("UPDATE {blocks} SET delta = ? WHERE module = 'aggregator' AND delta = ?", $type .'-'. $id, $block->delta);
}
variable_del('update_135_done');
@@ -990,7 +990,7 @@
// Initialize block data for default theme
$ret[] = update_sql("UPDATE {blocks} SET region = 'left' WHERE region = '0'");
$ret[] = update_sql("UPDATE {blocks} SET region = 'right' WHERE region = '1'");
- db_query("UPDATE {blocks} SET theme = '%s'", $default_theme);
+ db_query("UPDATE {blocks} SET theme = ?", $default_theme);
// Initialize block data for other enabled themes.
$themes = list_themes();
@@ -1091,7 +1091,7 @@
// Move logs too.
$result = db_query("SELECT nid, log FROM {book} WHERE log != ''");
while ($row = db_fetch_object($result)) {
- db_query("UPDATE {node_revisions} SET log = '%s' WHERE vid = %d", $row->log, $row->nid);
+ db_query("UPDATE {node_revisions} SET log = ? WHERE vid = ?", $row->log, $row->nid);
}
$ret[] = update_sql("ALTER TABLE {book} DROP log");
@@ -1270,7 +1270,7 @@
for ($i = 0; $i < count($links['text']); $i++) {
if ($links['text'][$i] != "" && $links['link'][$i] != "") {
$num_inserted ++;
- $node_unalias = db_fetch_array(db_query("SELECT src FROM {url_alias} WHERE dst = '%s'", $links['link'][$i]));
+ $node_unalias = db_fetch_array(db_query("SELECT src FROM {url_alias} WHERE dst = ?", $links['link'][$i]));
if (isset($node_unalias) && is_array($node_unalias)) {
$href = $node_unalias['src'];
}
@@ -1460,18 +1460,18 @@
$revision['uid'] = $version['uid'];
$revision['timestamp'] = $version['timestamp'];
$vid++;
- $revisions_query[] = "(%d, %d, %d, '%s', '%s', '%s', '%s', %d, %d)";
+ $revisions_query[] = "(?, ?, ?, ?, ?, ?, ?, ?, ?)";
$revisions_args = array_merge($revisions_args, array($node->nid, $vid, $revision['uid'], $revision['title'], $revision['body'], $revision['teaser'], $revision['log'], $revision['timestamp'], $revision['format']));
switch ($node->type) {
case 'forum':
if ($revision['tid'] > 0) {
- $forum_query[] = "(%d, %d, %d)";
+ $forum_query[] = "(?, ?, ?)";
$forum_args = array_merge($forum_args, array($vid, $node->nid, $revision['tid']));
}
break;
case 'book':
- $book_query[] = "(%d, %d, %d, %d)";
+ $book_query[] = "(?, ?, ?, ?)";
$book_args = array_merge($book_args, array($vid, $node->nid, $revision['parent'], $revision['weight']));
break;
}
@@ -1507,10 +1507,10 @@
}
if ($delete) {
- db_query('DELETE FROM {old_revisions} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {old_revisions} WHERE nid = ?', $node->nid);
}
else {
- db_query('UPDATE {old_revisions} SET done = 1 WHERE nid = %d', $node->nid);
+ db_query('UPDATE {old_revisions} SET done = 1 WHERE nid = ?', $node->nid);
}
switch ($GLOBALS['db_type']) {
@@ -1525,7 +1525,7 @@
}
}
else {
- db_query('UPDATE {old_revisions} SET done = 1 WHERE nid = %d', $node->nid);
+ db_query('UPDATE {old_revisions} SET done = 1 WHERE nid = ?', $node->nid);
watchdog('php', "Recovering old revisions for node %nid failed.", array('%nid' => $node->nid), WATCHDOG_WARNING);
}
}
@@ -1647,11 +1647,11 @@
foreach (explode(' ', $poll->polled) as $polled) {
if ($polled[0] == '_') {
// $polled is a user id
- db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $poll->nid, substr($polled, 1, -1));
+ db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (?, ?)', $poll->nid, substr($polled, 1, -1));
}
else {
// $polled is a host
- db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $poll->nid, $polled);
+ db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (?, ?)", $poll->nid, $polled);
}
}
}
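Review bot: `substr($polled, 1, -1)` is a string, and with `%d` gone nothing coerces it to an integer before it is bound to the `uid` column. The old `%d` placeholder cast its argument, so this patch moves that job to the driver; whether a non-numeric string is rejected, truncated or stored as 0 then depends on the database (the new layer's behaviour is not visible here). An explicit cast keeps the previous guarantee: `(int) substr($polled, 1, -1)`. The same applies wherever a value that may come from a form or a remote party used to pass through `%d`, e.g. `$choice['chvotes']` and `$choice` in poll.module and `$assoc_response['expires_in']` in openid.module.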
@@ -1815,7 +1815,7 @@
include_once './'. drupal_get_path('module', 'comment') .'/comment.module';
$limit = 20;
- $result = db_query_range("SELECT cid, thread FROM {comments} WHERE cid > %d ORDER BY cid ASC", $_SESSION['system_update_172'], 0, $limit);
+ $result = db_query_range("SELECT cid, thread FROM {comments} WHERE cid > ? ORDER BY cid ASC", $_SESSION['system_update_172'], 0, $limit);
while ($comment = db_fetch_object($result)) {
$_SESSION['system_update_172'] = $comment->cid;
$thread = explode('.', rtrim($comment->thread, '/'));
@@ -1824,7 +1824,7 @@
$thread[$i] = int2vancode((strlen($offset) - 1) * 10 + substr($offset, -1, 1));
}
$thread = implode('.', $thread) .'/';
- db_query("UPDATE {comments} SET thread = '%s' WHERE cid = %d", $thread, $comment->cid);
+ db_query("UPDATE {comments} SET thread = ? WHERE cid = ?", $thread, $comment->cid);
}
if ($_SESSION['system_update_172'] == $_SESSION['system_update_172_max']) {
@@ -1947,7 +1947,7 @@
while ($path = db_fetch_object($result)) {
$path->src = urldecode($path->src);
$path->dst = urldecode($path->dst);
- db_query("UPDATE {url_alias} SET dst = '%s', src = '%s' WHERE pid = %d", $path->dst, $path->src, $path->pid);
+ db_query("UPDATE {url_alias} SET dst = ?, src = ? WHERE pid = ?", $path->dst, $path->src, $path->pid);
}
return array();
}
@@ -2015,7 +2015,7 @@
// Any format with only the linebreak filter in it
$result = db_query("SELECT format FROM {filters} WHERE module = 'filter' AND delta = 2");
while ($format = db_fetch_object($result)) {
- if (db_result(db_query('SELECT COUNT(*) FROM {filters} WHERE format = %d', $format->format)) == 1) {
+ if (db_result(db_query('SELECT COUNT(*) FROM {filters} WHERE format = ?', $format->format)) == 1) {
$formats[$format->format] = TRUE;
}
}
@@ -2045,7 +2045,7 @@
// Build format query string
$_SESSION['formats'] = array_keys($formats);
- $_SESSION['format_string'] = '('. substr(str_repeat('%d, ', count($formats)), 0, -2) .')';
+ $_SESSION['format_string'] = '('. substr(str_repeat('?, ', count($formats)), 0, -2) .')';
// Begin update
$_SESSION['system_update_178_comment'] = 0;
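Review bot: `$_SESSION['format_string']` keeps a piece of SQL in the session, and the later passes concatenate it straight into `db_query_range()`; the same is done with `$_SESSION['system_update_179_field_string']` further down. Only the list in `$_SESSION['formats']` needs to survive between requests, so the marker list can be built where the query is issued, e.g. `$in = '('. implode(', ', array_fill(0, count($_SESSION['formats']), '?')) .')';`. That keeps the number of markers tied to the number of bound values and leaves no query text in session storage. If `$formats` can be empty here (the guard, if any, is outside this hunk), both forms yield `IN ()`, which is worth rejecting before the query runs.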
@@ -2059,19 +2059,19 @@
// Comments
if ($_SESSION['system_update_178_comment'] != $_SESSION['system_update_178_comment_max']) {
$args = array_merge(array($_SESSION['system_update_178_comment']), $_SESSION['formats']);
- $result = db_query_range("SELECT cid, comment FROM {comments} WHERE cid > %d AND format IN ". $_SESSION['format_string'] .' ORDER BY cid ASC', $args, 0, $limit);
+ $result = db_query_range("SELECT cid, comment FROM {comments} WHERE cid > ? AND format IN ". $_SESSION['format_string'] .' ORDER BY cid ASC', $args, 0, $limit);
while ($comment = db_fetch_object($result)) {
$_SESSION['system_update_178_comment'] = $comment->cid;
$comment->comment = _update_178_url_fix($comment->comment);
if ($comment->comment !== FALSE) {
- db_query("UPDATE {comments} SET comment = '%s' WHERE cid = %d", $comment->comment, $comment->cid);
+ db_query("UPDATE {comments} SET comment = ? WHERE cid = ?", $comment->comment, $comment->cid);
}
}
}
// Node revisions
$args = array_merge(array($_SESSION['system_update_178_node']), $_SESSION['formats']);
- $result = db_query_range("SELECT vid, teaser, body FROM {node_revisions} WHERE vid > %d AND format IN ". $_SESSION['format_string'] .' ORDER BY vid ASC', $args, 0, $limit);
+ $result = db_query_range("SELECT vid, teaser, body FROM {node_revisions} WHERE vid > ? AND format IN ". $_SESSION['format_string'] .' ORDER BY vid ASC', $args, 0, $limit);
while ($node = db_fetch_object($result)) {
$_SESSION['system_update_178_node'] = $node->vid;
$set = array();
@@ -2079,19 +2079,19 @@
$node->teaser = _update_178_url_fix($node->teaser);
if ($node->teaser !== FALSE) {
- $set[] = "teaser = '%s'";
+ $set[] = "teaser = ?";
$args[] = $node->teaser;
}
$node->body = _update_178_url_fix($node->body);
if ($node->body !== FALSE) {
- $set[] = "body = '%s'";
+ $set[] = "body = ?";
$args[] = $node->body;
}
if (count($set)) {
$args[] = $node->vid;
- db_query('UPDATE {node_revisions} SET '. implode(', ', $set) .' WHERE vid = %d', $args);
+ db_query('UPDATE {node_revisions} SET '. implode(', ', $set) .' WHERE vid = ?', $args);
}
}
@@ -2131,12 +2131,12 @@
}
// Custom Blocks (too small for multipart)
- $format_string = '('. substr(str_repeat('%d, ', count($formats)), 0, -2) .')';
+ $format_string = '('. substr(str_repeat('?, ', count($formats)), 0, -2) .')';
$result = db_query("SELECT bid, body FROM {boxes} WHERE format IN ". $format_string, array_keys($formats));
while ($block = db_fetch_object($result)) {
$block->body = _update_178_url_fix($block->body);
if ($block->body !== FALSE) {
- db_query("UPDATE {boxes} SET body = '%s' WHERE bid = %d", $block->body, $block->bid);
+ db_query("UPDATE {boxes} SET body = ? WHERE bid = ?", $block->body, $block->bid);
}
}
@@ -2170,7 +2170,7 @@
// Begin multi-part update for profiles
$_SESSION['system_update_179_fields'] = $fields;
- $_SESSION['system_update_179_field_string'] = '('. substr(str_repeat('%d, ', count($fields)), 0, -2) .')';
+ $_SESSION['system_update_179_field_string'] = '('. substr(str_repeat('?, ', count($fields)), 0, -2) .')';
$_SESSION['system_update_179_uid'] = 0;
$_SESSION['system_update_179_fid'] = 0;
$_SESSION['system_update_179_max'] = db_result(db_query('SELECT MAX(uid) FROM {profile_values} WHERE fid IN '. $_SESSION['system_update_179_field_string'], $_SESSION['system_update_179_fields']));
@@ -2179,7 +2179,7 @@
// Fetch next 20 profile values to convert
$limit = 20;
$args = array_merge(array($_SESSION['system_update_179_uid'], $_SESSION['system_update_179_fid'], $_SESSION['system_update_179_uid']), $_SESSION['system_update_179_fields']);
- $result = db_query_range("SELECT fid, uid, value FROM {profile_values} WHERE ((uid = %d AND fid > %d) OR uid > %d) AND fid IN ". $_SESSION['system_update_179_field_string'] .' ORDER BY uid ASC, fid ASC', $args, 0, $limit);
+ $result = db_query_range("SELECT fid, uid, value FROM {profile_values} WHERE ((uid = ? AND fid > ?) OR uid > ?) AND fid IN ". $_SESSION['system_update_179_field_string'] .' ORDER BY uid ASC, fid ASC', $args, 0, $limit);
$has_rows = FALSE;
while ($field = db_fetch_object($result)) {
@@ -2187,7 +2187,7 @@
$_SESSION['system_update_179_fid'] = $field->fid;
$field->value = _update_178_url_fix($field->value);
if ($field->value !== FALSE) {
- db_query("UPDATE {profile_values} SET value = '%s' WHERE uid = %d AND fid = %d", $field->value, $field->uid, $field->fid);
+ db_query("UPDATE {profile_values} SET value = ? WHERE uid = ? AND fid = ?", $field->value, $field->uid, $field->fid);
}
$has_rows = TRUE;
}
@@ -2463,9 +2463,9 @@
$query = db_query('SELECT type FROM {node_type}');
while ($result = db_fetch_object($query)) {
$variable_name = 'minimum_'. $result->type .'_size';
- if ($value = db_fetch_object(db_query("SELECT value FROM {variable} WHERE name = '%s'", $variable_name))) {
+ if ($value = db_fetch_object(db_query("SELECT value FROM {variable} WHERE name = ?", $variable_name))) {
$value = (int) unserialize($value->value);
- db_query("UPDATE {node_type} SET min_word_count = %d, modified = %d WHERE type = '%s'", $value, 1, $result->type);
+ db_query("UPDATE {node_type} SET min_word_count = ?, modified = ? WHERE type = ?", $value, 1, $result->type);
variable_del($variable_name);
}
}
@@ -2490,7 +2490,7 @@
// Migrate custom block titles to new column.
$boxes = db_query('SELECT bid, title from {boxes}');
while ($box = db_fetch_object($boxes)) {
- db_query("UPDATE {blocks} SET title = '%s' WHERE delta = %d and module = 'block'", $box->title, $box->bid);
+ db_query("UPDATE {blocks} SET title = ? WHERE delta = ? and module = 'block'", $box->title, $box->bid);
}
switch ($GLOBALS['db_type']) {
case 'mysql':
@@ -2765,7 +2765,7 @@
// Update all entries with the current revision number.
$nodes = db_query('SELECT nid, vid FROM {node}');
while ($node = db_fetch_object($nodes)) {
- db_query('UPDATE {term_node} SET vid = %d WHERE nid = %d', $node->vid, $node->nid);
+ db_query('UPDATE {term_node} SET vid = ? WHERE nid = ?', $node->vid, $node->nid);
}
return $ret;
}
@@ -2930,7 +2930,7 @@
$format = db_result(db_query("SELECT MAX(format) FROM {filter_formats}"));
// Enable the PHP evaluator filter.
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, 'php', 0, 0)", $format);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, 'php', 0, 0)", $format);
// If any other input formats use the PHP evaluator, update them accordingly.
$ret[] = update_sql("UPDATE {filters} SET delta = 0, module = 'php' WHERE module = 'filter' AND delta = 1");
@@ -2941,7 +2941,7 @@
$ret[] = update_sql("UPDATE {filters} SET delta = 2 WHERE module = 'filter' AND delta = 3");
// Update any nodes associated with the PHP input format.
- db_query("UPDATE {node_revisions} SET format = %d WHERE format = 2", $format);
+ db_query("UPDATE {node_revisions} SET format = ? WHERE format = 2", $format);
return $ret;
}
@@ -3128,8 +3128,8 @@
// Otherwise, find any format with 'HTML' in its name and add the filter at the end.
$result = db_query("SELECT format FROM {filter_formats} WHERE name LIKE '%HTML%'");
while ($format = db_fetch_object($result)) {
- $weight = db_result(db_query("SELECT MAX(weight) FROM {filters} WHERE format = %d", $format->format));
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", $format->format, 'filter', 3, max(10, $weight + 1));
+ $weight = db_result(db_query("SELECT MAX(weight) FROM {filters} WHERE format = ?", $format->format));
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", $format->format, 'filter', 3, max(10, $weight + 1));
}
return $ret;
@@ -3384,12 +3384,12 @@
);
// Save user-defined titles.
foreach (array($primary, $secondary) as $mid) {
- if ($item = db_fetch_array(db_query('SELECT * FROM {menu} WHERE mid = %d', $mid))) {
+ if ($item = db_fetch_array(db_query('SELECT * FROM {menu} WHERE mid = ?', $mid))) {
$menus[$_SESSION['menu_menu_map'][$mid]]['title'] = $item['title'];
}
}
foreach ($menus as $menu) {
- db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", $menu);
+ db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, ?)", $menu);
}
menu_rebuild();
$_SESSION['system_update_6021'] = 0;
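Review bot: `$menu` is bound as a whole array to three positional `?` markers, yet the lines above address it by string key (`['title']`). Positional binding then depends on the array's key order, and a driver that treats string keys as named parameters would not match them to `?` at all (how the new layer handles this is not visible in the diff). Listing the values makes the mapping explicit: `db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, ?)", $menu['menu_name'], $menu['title'], $menu['description']);`. The `$menus` definition starts outside this hunk, so the key names other than `title` are assumed from the column list.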
@@ -3404,12 +3404,12 @@
// Let's climb up until we find an item with a converted parent.
$item_original = $item;
while ($item && !isset($_SESSION['menu_item_map'][$item['pid']])) {
- $item = db_fetch_array(db_query('SELECT * FROM {menu} WHERE mid = %d', $item['pid']));
+ $item = db_fetch_array(db_query('SELECT * FROM {menu} WHERE mid = ?', $item['pid']));
}
// This can only occur if the menu entry is a leftover in the menu table.
// These do not appear in Drupal 5 anyways, so we skip them.
if (!$item) {
- db_query('UPDATE {menu} SET converted = %d WHERE mid = %d', 1, $item_original['mid']);
+ db_query('UPDATE {menu} SET converted = ? WHERE mid = ?', 1, $item_original['mid']);
$_SESSION['system_update_6021']++;
continue;
}
@@ -3447,7 +3447,7 @@
}
$item['updated'] = TRUE;
// Save the link.
- if ($existing_item = db_fetch_array(db_query("SELECT mlid, menu_name FROM {menu_links} WHERE link_path = '%s' AND plid = '%s' AND link_title = '%s' AND menu_name = '%s'", $item['link_path'], $item['plid'], $item['link_title'], $item['menu_name']))) {
+ if ($existing_item = db_fetch_array(db_query("SELECT mlid, menu_name FROM {menu_links} WHERE link_path = ? AND plid = ? AND link_title = ? AND menu_name = ?", $item['link_path'], $item['plid'], $item['link_title'], $item['menu_name']))) {
$_SESSION['menu_item_map'][$item['mid']] = $existing_item;
}
else {
@@ -3462,7 +3462,7 @@
$item['menu_name'] = substr($item['menu_name'], 0, 20);
$original_menu_name = $item['menu_name'];
$i = 0;
- while (db_result(db_query("SELECT menu_name FROM {menu_custom} WHERE menu_name = '%s'", $item['menu_name']))) {
+ while (db_result(db_query("SELECT menu_name FROM {menu_custom} WHERE menu_name = ?", $item['menu_name']))) {
$item['menu_name'] = $original_menu_name . ($i++);
}
if ($item['path']) {
@@ -3472,12 +3472,12 @@
}
else {
// Add this menu to the list of custom menus.
- db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '')", $item['menu_name'], $item['title']);
+ db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, '')", $item['menu_name'], $item['title']);
}
$_SESSION['menu_menu_map'][$item['mid']] = $item['menu_name'];
$_SESSION['menu_item_map'][$item['mid']] = FALSE;
}
- db_query('UPDATE {menu} SET converted = %d WHERE mid = %d', 1, $item['mid']);
+ db_query('UPDATE {menu} SET converted = ? WHERE mid = ?', 1, $item['mid']);
$_SESSION['system_update_6021']++;
}
Index: sites/default/default.settings.php
===================================================================
RCS file: /cvs/drupal/drupal/sites/default/default.settings.php,v
retrieving revision 1.3
diff -u -r1.3 default.settings.php
--- sites/default/default.settings.php 28 Aug 2007 11:42:56 -0000 1.3
+++ sites/default/default.settings.php 5 Oct 2007 07:23:51 -0000
@@ -87,7 +87,6 @@
*
* Database URL format:
* $db_url = 'mysql://username:password@localhost/databasename';
- * $db_url = 'mysqli://username:password@localhost/databasename';
* $db_url = 'pgsql://username:password@localhost/databasename';
*/
$db_url = 'mysql://username:password@localhost/databasename';
Index: modules/poll/poll.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll/poll.module,v
retrieving revision 1.242
diff -u -r1.242 poll.module
--- modules/poll/poll.module 6 Sep 2007 12:18:01 -0000 1.242
+++ modules/poll/poll.module 5 Oct 2007 07:23:48 -0000
@@ -143,7 +143,7 @@
function poll_cron() {
$result = db_query('SELECT p.nid FROM {poll} p INNER JOIN {node} n ON p.nid = n.nid WHERE (n.created + p.runtime) < '. time() .' AND p.active = 1 AND p.runtime != 0');
while ($poll = db_fetch_object($result)) {
- db_query("UPDATE {poll} SET active = 0 WHERE nid = %d", $poll->nid);
+ db_query("UPDATE {poll} SET active = 0 WHERE nid = ?", $poll->nid);
}
}
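Review bot: The SELECT at the top of `poll_cron()` still splices `time()` into the SQL string while the UPDATE below it now binds its value. The value is not attacker-controlled, but binding it keeps the statement text constant and matches the openid cleanup query in this patch, which already passes `time()` as an argument: `... WHERE (n.created + p.runtime) < ? AND p.active = 1 AND p.runtime != 0', time());`.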
@@ -296,9 +296,9 @@
global $user;
// Load the appropriate choices into the $node object
- $poll = db_fetch_object(db_query("SELECT runtime, active FROM {poll} WHERE nid = %d", $node->nid));
+ $poll = db_fetch_object(db_query("SELECT runtime, active FROM {poll} WHERE nid = ?", $node->nid));
- $result = db_query("SELECT chtext, chvotes, chorder FROM {poll_choices} WHERE nid = %d ORDER BY chorder", $node->nid);
+ $result = db_query("SELECT chtext, chvotes, chorder FROM {poll_choices} WHERE nid = ? ORDER BY chorder", $node->nid);
while ($choice = db_fetch_array($result)) {
$poll->choice[$choice['chorder']] = $choice;
}
@@ -307,10 +307,10 @@
$poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) {
if ($user->uid) {
- $result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
+ $result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = ? AND uid = ?', $node->nid, $user->uid));
}
else {
- $result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, ip_address()));
+ $result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = ? AND hostname = ?", $node->nid, ip_address()));
}
if (isset($result->chorder)) {
$poll->vote = $result->chorder;
@@ -335,12 +335,12 @@
$node->active = 1;
}
- db_query("INSERT INTO {poll} (nid, runtime, active) VALUES (%d, %d, %d)", $node->nid, $node->runtime, $node->active);
+ db_query("INSERT INTO {poll} (nid, runtime, active) VALUES (?, ?, ?)", $node->nid, $node->runtime, $node->active);
$i = 0;
foreach ($node->choice as $choice) {
if ($choice['chtext'] != '') {
- db_query("INSERT INTO {poll_choices} (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $choice['chtext'], $choice['chvotes'], $i++);
+ db_query("INSERT INTO {poll_choices} (nid, chtext, chvotes, chorder) VALUES (?, ?, ?, ?)", $node->nid, $choice['chtext'], $choice['chvotes'], $i++);
}
}
}
@@ -349,10 +349,10 @@
* Implementation of hook_update().
*/
function poll_update($node) {
- db_query('UPDATE {poll} SET runtime = %d, active = %d WHERE nid = %d', $node->runtime, $node->active, $node->nid);
+ db_query('UPDATE {poll} SET runtime = ?, active = ? WHERE nid = ?', $node->runtime, $node->active, $node->nid);
- db_query('DELETE FROM {poll_choices} WHERE nid = %d', $node->nid);
- db_query('DELETE FROM {poll_votes} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {poll_choices} WHERE nid = ?', $node->nid);
+ db_query('DELETE FROM {poll_votes} WHERE nid = ?', $node->nid);
$i = 0;
foreach ($node->choice as $choice) {
@@ -360,7 +360,7 @@
$chtext = $choice['chtext'];
if ($chtext != '') {
- db_query("INSERT INTO {poll_choices} (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $chtext, $chvotes, $i++);
+ db_query("INSERT INTO {poll_choices} (nid, chtext, chvotes, chorder) VALUES (?, ?, ?, ?)", $node->nid, $chtext, $chvotes, $i++);
}
}
}
@@ -369,9 +369,9 @@
* Implementation of hook_delete().
*/
function poll_delete($node) {
- db_query("DELETE FROM {poll} WHERE nid = %d", $node->nid);
- db_query("DELETE FROM {poll_choices} WHERE nid = %d", $node->nid);
- db_query("DELETE FROM {poll_votes} WHERE nid = %d", $node->nid);
+ db_query("DELETE FROM {poll} WHERE nid = ?", $node->nid);
+ db_query("DELETE FROM {poll_choices} WHERE nid = ?", $node->nid);
+ db_query("DELETE FROM {poll_votes} WHERE nid = ?", $node->nid);
}
/**
@@ -475,14 +475,14 @@
global $user;
if ($user->uid) {
- db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
+ db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (?, ?, ?)', $node->nid, $choice, $user->uid);
}
else {
- db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, ip_address());
+ db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (?, ?, ?)", $node->nid, $choice, ip_address());
}
// Add one to the votes.
- db_query("UPDATE {poll_choices} SET chvotes = chvotes + 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
+ db_query("UPDATE {poll_choices} SET chvotes = chvotes + 1 WHERE nid = ? AND chorder = ?", $node->nid, $choice);
cache_clear_all();
drupal_set_message(t('Your vote was recorded.'));
@@ -602,14 +602,14 @@
global $user;
if ($user->uid) {
- db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
+ db_query('DELETE FROM {poll_votes} WHERE nid = ? and uid = ?', $node->nid, $user->uid);
}
else {
- db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, ip_address());
+ db_query("DELETE FROM {poll_votes} WHERE nid = ? and hostname = ?", $node->nid, ip_address());
}
// Subtract from the votes.
- db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $node->vote);
+ db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = ? AND chorder = ?", $node->nid, $node->vote);
}
/**
@@ -617,6 +617,6 @@
*/
function poll_user($op, &$edit, &$user) {
if ($op == 'delete') {
- db_query('UPDATE {poll_votes} SET uid = 0 WHERE uid = %d', $user->uid);
+ db_query('UPDATE {poll_votes} SET uid = 0 WHERE uid = ?', $user->uid);
}
}
Index: modules/poll/poll.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll/poll.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 poll.pages.inc
--- modules/poll/poll.pages.inc 5 Sep 2007 08:33:16 -0000 1.1
+++ modules/poll/poll.pages.inc 5 Oct 2007 07:23:48 -0000
@@ -35,7 +35,7 @@
$header[] = array('data' => t('Visitor'), 'field' => 'u.name');
$header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
- $result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
+ $result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = ?" . tablesort_sql($header), 20, 0, NULL, $node->nid);
$rows = array();
while ($vote = db_fetch_object($result)) {
$rows[] = array(
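Review bot: The sort clause from `tablesort_sql($header)` is still appended to the statement text, so the `?` conversion protects `pv.nid` only. Column names and sort direction cannot be bound, which makes the query as safe as the checks inside `tablesort_sql()` (not part of this diff). A comment would make that dependency visible, e.g. `// ORDER BY is built by tablesort_sql() from $header; it must never emit a column not listed there.` The watchdog overview query in dblog.admin.inc has the same shape.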
Index: modules/dblog/dblog.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/dblog/dblog.admin.inc,v
retrieving revision 1.3
diff -u -r1.3 dblog.admin.inc
--- modules/dblog/dblog.admin.inc 5 Sep 2007 08:42:01 -0000 1.3
+++ modules/dblog/dblog.admin.inc 5 Oct 2007 07:23:48 -0000
@@ -98,7 +98,7 @@
array('data' => t('Message'), 'field' => 'message')
);
- $result = pager_query("SELECT COUNT(wid) AS count, message, variables FROM {watchdog} WHERE type = '%s' GROUP BY message, variables ". tablesort_sql($header), 30, 0, "SELECT COUNT(DISTINCT(message)) FROM {watchdog} WHERE type = '%s'", $type);
+ $result = pager_query("SELECT COUNT(wid) AS count, message, variables FROM {watchdog} WHERE type = ? GROUP BY message, variables ". tablesort_sql($header), 30, 0, "SELECT COUNT(DISTINCT(message)) FROM {watchdog} WHERE type = ?", $type);
$rows = array();
while ($dblog = db_fetch_object($result)) {
@@ -121,7 +121,7 @@
function dblog_event($id) {
$severity = watchdog_severity_levels();
$output = '';
- $result = db_query('SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid WHERE w.wid = %d', $id);
+ $result = db_query('SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid WHERE w.wid = ?', $id);
if ($dblog = db_fetch_object($result)) {
$rows = array(
array(
@@ -211,14 +211,14 @@
if (!empty($types)) {
$filters['type'] = array(
'title' => t('Type'),
- 'where' => "w.type = '%s'",
+ 'where' => "w.type = ?",
'options' => $types,
);
}
$filters['severity'] = array(
'title' => t('Severity'),
- 'where' => 'w.severity = %d',
+ 'where' => 'w.severity = ?',
'options' => watchdog_severity_levels(),
);
Index: modules/dblog/dblog.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/dblog/dblog.module,v
retrieving revision 1.15
diff -u -r1.15 dblog.module
--- modules/dblog/dblog.module 2 Oct 2007 07:05:43 -0000 1.15
+++ modules/dblog/dblog.module 5 Oct 2007 07:23:48 -0000
@@ -98,7 +98,7 @@
function dblog_cron() {
// Cleanup the watchdog table
$max = db_result(db_query('SELECT MAX(wid) FROM {watchdog}'));
- db_query('DELETE FROM {watchdog} WHERE wid < %d', $max - variable_get('dblog_row_limit', 1000));
+ db_query('DELETE FROM {watchdog} WHERE wid < ?', $max - variable_get('dblog_row_limit', 1000));
}
/**
@@ -106,7 +106,7 @@
*/
function dblog_user($op, &$edit, &$user) {
if ($op == 'delete') {
- db_query('UPDATE {watchdog} SET uid = 0 WHERE uid = %d', $user->uid);
+ db_query('UPDATE {watchdog} SET uid = 0 WHERE uid = ?', $user->uid);
}
}
@@ -125,8 +125,8 @@
$current_db = db_set_active();
db_query("INSERT INTO {watchdog}
(uid, type, message, variables, severity, link, location, referer, hostname, timestamp)
- VALUES
- (%d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', %d)",
+ VALUES
+ (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
$log['user']->uid,
$log['type'],
$log['message'],
Index: modules/openid/openid.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.module,v
retrieving revision 1.6
diff -u -r1.6 openid.module
--- modules/openid/openid.module 25 Sep 2007 14:52:55 -0000 1.6
+++ modules/openid/openid.module 5 Oct 2007 07:23:48 -0000
@@ -286,10 +286,10 @@
include_once drupal_get_path('module', 'openid') .'/openid.inc';
// Remove Old Associations:
- db_query("DELETE FROM {openid_association} WHERE created + expires_in < %d", time());
+ db_query("DELETE FROM {openid_association} WHERE created + expires_in < ?", time());
// Check to see if we have an association for this IdP already
- $assoc_handle = db_result(db_query("SELECT assoc_handle FROM {openid_association} WHERE idp_endpoint_uri = '%s'", $op_endpoint));
+ $assoc_handle = db_result(db_query("SELECT assoc_handle FROM {openid_association} WHERE idp_endpoint_uri = ?", $op_endpoint));
if (empty($assoc_handle)) {
$mod = OPENID_DH_DEFAULT_MOD;
$gen = OPENID_DH_DEFAULT_GEN;
@@ -317,7 +317,7 @@
$shared = bcpowmod($spub, $private, $mod);
$assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
}
- db_query("INSERT INTO {openid_association} (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)",
+ db_query("INSERT INTO {openid_association} (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES(?, ?, ?, ?, ?, ?, ?)",
$op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], time());
$assoc_handle = $assoc_response['assoc_handle'];
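Review bot: Replacing `%d` with `?` for `expires_in` drops the integer coercion the old format string applied, so `$assoc_response['expires_in']` is now bound exactly as received. That array appears to be filled from the provider's association response, which this site does not control. Binding still keeps the value out of the SQL text, but a non-numeric string can be rejected or coerced differently depending on the database. Cast at the call site, e.g. `(int)$assoc_response['expires_in']`. The same applies to `$arguments1[] = $c;` for `tn.tid = ?` in the node.module search hunk (`@@ -1073,7 +1073,7 @@`), where `$c` comes from the search keys.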
@@ -442,7 +442,7 @@
$valid = FALSE;
- $association = db_fetch_object(db_query("SELECT * FROM {openid_association} WHERE assoc_handle = '%s'", $response['openid.assoc_handle']));
+ $association = db_fetch_object(db_query("SELECT * FROM {openid_association} WHERE assoc_handle = ?", $response['openid.assoc_handle']));
if ($association && isset($association->session_type)) {
$keys_to_sign = explode(',', $response['openid.signed']);
$self_sig = _openid_signature($association, $response, $keys_to_sign);
Index: modules/openid/openid.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 openid.pages.inc
--- modules/openid/openid.pages.inc 19 Aug 2007 09:48:33 -0000 1.1
+++ modules/openid/openid.pages.inc 5 Oct 2007 07:23:48 -0000
@@ -33,14 +33,14 @@
// Check to see if we got a response
$result = openid_complete($_REQUEST);
if ($result['status'] == 'success') {
- db_query("INSERT INTO {authmap} (uid, authname, module) VALUES (%d, '%s','openid')", $account->uid, $result['openid.identity']);
+ db_query("INSERT INTO {authmap} (uid, authname, module) VALUES (?, ?,'openid')", $account->uid, $result['openid.identity']);
drupal_set_message(t('Successfully added %identity', array('%identity' => $result['openid.identity'])));
}
$header = array(t('OpenID'), t('Operations'));
$rows = array();
- $result = db_query("SELECT * FROM {authmap} WHERE module='openid' AND uid=%d", $account->uid);
+ $result = db_query("SELECT * FROM {authmap} WHERE module='openid' AND uid=?", $account->uid);
while ($identity = db_fetch_object($result)) {
$rows[] = array($identity->authname, l(t('Delete'), 'user/'. $account->uid .'/openid/delete/'. $identity->aid));
}
@@ -68,7 +68,7 @@
function openid_user_add_validate($form, &$form_state) {
// Check for existing entries.
$claimed_id = _openid_normalize($form_state['values']['openid_url']);
- if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname='%s'", $claimed_id))) {
+ if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname=?", $claimed_id))) {
form_set_error('openid_url', t('That OpenID is already in use on this site.'));
}
else {
@@ -81,8 +81,8 @@
* Menu callback; Delete the specified OpenID identity from the system.
*/
function openid_user_delete($account, $aid = 0) {
- db_query("DELETE FROM {authmap} WHERE uid=%d AND aid=%d AND module='openid'", $account->uid, $aid);
- if (db_affected_rows()) {
+ $result = db_query("DELETE FROM {authmap} WHERE uid=? AND aid=? AND module='openid'", $account->uid, $aid);
+ if (db_affected_rows($result)) {
drupal_set_message(t('OpenID deleted.'));
}
drupal_goto('user/'. $account->uid .'/openid');
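Review bot: `openid_user_delete()` issues the DELETE as its first statement, and the listing code in the earlier hunk links to it with a plain `l(t('Delete'), ...)` URL. The identity is therefore removed on a GET request, with no confirmation step or request token visible in this function. Unless the menu access callback (not shown) validates a token, the operation is not protected against cross-site request forgery. Consider routing the deletion through a confirmation form so the query runs in a submit handler. The function's closing brace is outside the hunk.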
Index: modules/node/node.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.admin.inc,v
retrieving revision 1.6
diff -u -r1.6 node.admin.inc
--- modules/node/node.admin.inc 3 Oct 2007 17:35:22 -0000 1.6
+++ modules/node/node.admin.inc 5 Oct 2007 07:23:48 -0000
@@ -162,17 +162,17 @@
case 'status':
// Note: no exploitable hole as $key/$value have already been checked when submitted
list($key, $value) = explode('-', $value, 2);
- $where[] = 'n.'. $key .' = %d';
+ $where[] = 'n.'. $key .' = ?';
break;
case 'category':
$table = "tn$index";
- $where[] = "$table.tid = %d";
+ $where[] = "$table.tid = ?";
$join .= "INNER JOIN {term_node} $table ON n.nid = $table.nid ";
break;
case 'type':
- $where[] = "n.type = '%s'";
+ $where[] = "n.type = ?";
case 'language':
- $where[] = "n.language = '%s'";
+ $where[] = "n.language = ?";
}
$args[] = $value;
}
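Review bot: `case 'type':` has no `break;`, so as shown it falls through into `case 'language':` and appends two `?` conditions while `$args[] = $value;` adds only one value. With the old quoted `'%s'` a missing argument most likely formatted as an empty string, but with positional placeholders a count mismatch is more likely to fail the query outright. Add `break;` after `$where[] = "n.type = ?";`. The enclosing switch and loop start above the hunk.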
@@ -450,7 +450,7 @@
$form['nodes'] = array('#prefix' => '', '#tree' => TRUE);
// array_filter returns only elements with TRUE values
foreach ($nodes as $nid => $value) {
- $title = db_result(db_query('SELECT title FROM {node} WHERE nid = %d', $nid));
+ $title = db_result(db_query('SELECT title FROM {node} WHERE nid = ?', $nid));
$form['nodes'][$nid] = array('#type' => 'hidden', '#value' => $nid, '#prefix' => '- ', '#suffix' => check_plain($title) ."
\n");
}
$form['operation'] = array('#type' => 'hidden', '#value' => 'delete');
Index: modules/node/content_types.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/content_types.inc,v
retrieving revision 1.41
diff -u -r1.41 content_types.inc
--- modules/node/content_types.inc 25 Sep 2007 12:07:14 -0000 1.41
+++ modules/node/content_types.inc 5 Oct 2007 07:23:48 -0000
@@ -382,7 +382,7 @@
$message = t('Are you sure you want to delete the content type %type?', array('%type' => $type->name));
$caption = '';
- $num_nodes = db_result(db_query("SELECT COUNT(*) FROM {node} WHERE type = '%s'", $type->type));
+ $num_nodes = db_result(db_query("SELECT COUNT(*) FROM {node} WHERE type = ?", $type->type));
if ($num_nodes) {
$caption .= ''. format_plural($num_nodes, 'Warning: there is currently 1 %type post on your site. It may not be able to be displayed or edited correctly, once you have removed this content type.', 'Warning: there are currently @count %type posts on your site. They may not be able to be displayed or edited correctly, once you have removed this content type.', array('%type' => $type->name)) .'
';
}
Index: modules/node/node.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.pages.inc,v
retrieving revision 1.4
diff -u -r1.4 node.pages.inc
--- modules/node/node.pages.inc 27 Sep 2007 12:56:04 -0000 1.4
+++ modules/node/node.pages.inc 5 Oct 2007 07:23:48 -0000
@@ -571,7 +571,7 @@
if ($revision != $node->vid) {
$node = node_load($nid, $revision);
- db_query("DELETE FROM {node_revisions} WHERE nid = %d AND vid = %d", $nid, $revision);
+ db_query("DELETE FROM {node_revisions} WHERE nid = ? AND vid = ?", $nid, $revision);
node_invoke_nodeapi($node, 'delete revision');
drupal_set_message(t('Deleted %title revision %revision.', array('%title' => $node->title, '%revision' => $revision)));
watchdog('content', '@type: deleted %title revision %revision.', array('@type' => $node->type, '%title' => $node->title, '%revision' => $revision));
@@ -580,7 +580,7 @@
else {
drupal_set_message(t('Deletion failed. You tried to delete the current revision.'));
}
- if (db_result(db_query('SELECT COUNT(vid) FROM {node_revisions} WHERE nid = %d', $nid)) > 1) {
+ if (db_result(db_query('SELECT COUNT(vid) FROM {node_revisions} WHERE nid = ?', $nid)) > 1) {
drupal_goto("node/$nid/revisions");
}
else {
Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.890
diff -u -r1.890 node.module
--- modules/node/node.module 3 Oct 2007 17:35:22 -0000 1.890
+++ modules/node/node.module 5 Oct 2007 07:23:48 -0000
@@ -119,7 +119,7 @@
* Implementation of hook_cron().
*/
function node_cron() {
- db_query('DELETE FROM {history} WHERE timestamp < %d', NODE_NEW_LIMIT);
+ db_query('DELETE FROM {history} WHERE timestamp < ?', NODE_NEW_LIMIT);
}
/**
@@ -163,10 +163,10 @@
if ($user->uid) {
if (node_last_viewed($nid)) {
- db_query('UPDATE {history} SET timestamp = %d WHERE uid = %d AND nid = %d', time(), $user->uid, $nid);
+ db_query('UPDATE {history} SET timestamp = ? WHERE uid = ? AND nid = ?', time(), $user->uid, $nid);
}
else {
- @db_query('INSERT INTO {history} (uid, nid, timestamp) VALUES (%d, %d, %d)', $user->uid, $nid, time());
+ @db_query('INSERT INTO {history} (uid, nid, timestamp) VALUES (?, ?, ?)', $user->uid, $nid, time());
}
}
}
@@ -180,7 +180,7 @@
static $history;
if (!isset($history[$nid])) {
- $history[$nid] = db_fetch_object(db_query("SELECT timestamp FROM {history} WHERE uid = %d AND nid = %d", $user->uid, $nid));
+ $history[$nid] = db_fetch_object(db_query("SELECT timestamp FROM {history} WHERE uid = ? AND nid = ?", $user->uid, $nid));
}
return (isset($history[$nid]->timestamp) ? $history[$nid]->timestamp : 0);
@@ -404,7 +404,7 @@
function node_type_save($info) {
$is_existing = FALSE;
$existing_type = !empty($info->old_type) ? $info->old_type : $info->type;
- $is_existing = db_result(db_query("SELECT COUNT(*) FROM {node_type} WHERE type = '%s'", $existing_type));
+ $is_existing = db_result(db_query("SELECT COUNT(*) FROM {node_type} WHERE type = ?", $existing_type));
if (!isset($info->help)) {
$info->help = '';
}
@@ -416,13 +416,13 @@
}
if ($is_existing) {
- db_query("UPDATE {node_type} SET type = '%s', name = '%s', module = '%s', has_title = %d, title_label = '%s', has_body = %d, body_label = '%s', description = '%s', help = '%s', min_word_count = %d, custom = %d, modified = %d, locked = %d WHERE type = '%s'", $info->type, $info->name, $info->module, $info->has_title, $info->title_label, $info->has_body, $info->body_label, $info->description, $info->help, $info->min_word_count, $info->custom, $info->modified, $info->locked, $existing_type);
+ db_query("UPDATE {node_type} SET type = ?, name = ?, module = ?, has_title = ?, title_label = ?, has_body = ?, body_label = ?, description = ?, help = ?, min_word_count = ?, custom = ?, modified = ?, locked = ? WHERE type = ?", $info->type, $info->name, $info->module, $info->has_title, $info->title_label, $info->has_body, $info->body_label, $info->description, $info->help, $info->min_word_count, $info->custom, $info->modified, $info->locked, $existing_type);
module_invoke_all('node_type', 'update', $info);
return SAVED_UPDATED;
}
else {
- db_query("INSERT INTO {node_type} (type, name, module, has_title, title_label, has_body, body_label, description, help, min_word_count, custom, modified, locked, orig_type) VALUES ('%s', '%s', '%s', %d, '%s', %d, '%s', '%s', '%s', %d, %d, %d, %d, '%s')", $info->type, $info->name, $info->module, $info->has_title, $info->title_label, $info->has_body, $info->body_label, $info->description, $info->help, $info->min_word_count, $info->custom, $info->modified, $info->locked, $info->orig_type);
+ db_query("INSERT INTO {node_type} (type, name, module, has_title, title_label, has_body, body_label, description, help, min_word_count, custom, modified, locked, orig_type) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $info->type, $info->name, $info->module, $info->has_title, $info->title_label, $info->has_body, $info->body_label, $info->description, $info->help, $info->min_word_count, $info->custom, $info->modified, $info->locked, $info->orig_type);
module_invoke_all('node_type', 'insert', $info);
return SAVED_NEW;
@@ -436,7 +436,7 @@
* The machine-readable name of the node type to be deleted.
*/
function node_type_delete($type) {
- db_query("DELETE FROM {node_type} WHERE type = '%s'", $type);
+ db_query("DELETE FROM {node_type} WHERE type = ?", $type);
$info = node_get_types('type', $type);
module_invoke_all('node_type', 'delete', $info);
@@ -454,8 +454,8 @@
* The number of nodes whose node type field was modified.
*/
function node_type_update_nodes($old_type, $type) {
- db_query("UPDATE {node} SET type = '%s' WHERE type = '%s'", $type, $old_type);
- return db_affected_rows();
+ $result = db_query("UPDATE {node} SET type = ? WHERE type = ?", $type, $old_type);
+ return db_affected_rows($result);
}
/**
@@ -637,13 +637,13 @@
return is_object($nodes[$param]) ? drupal_clone($nodes[$param]) : $nodes[$param];
}
}
- $cond = 'n.nid = %d';
+ $cond = 'n.nid = ?';
$arguments[] = $param;
}
elseif (is_array($param)) {
// Turn the conditions into a query.
foreach ($param as $key => $value) {
- $cond[] = 'n.'. db_escape_string($key) ." = '%s'";
+ $cond[] = 'n.'. db_escape_string($key) ." = ?";
$arguments[] = $value;
}
$cond = implode(' AND ', $cond);
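Review bot: `db_escape_string($key)` is applied to a column name that is concatenated unquoted into the WHERE clause. String escaping only neutralises characters that matter inside a quoted literal, so it does not constrain an identifier. The switch to `?` covers `$value` but leaves `$key` as the one part of the condition still built by concatenation. If any caller can pass array keys derived from request data (not visible here), validate `$key` before use, for example `if (!preg_match('/^[a-z_]+$/', $key)) { continue; }`, or check it against the known {node} columns. The function begins and ends outside the hunk.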
@@ -664,7 +664,7 @@
// No db_rewrite_sql is applied so as to get complete indexing for search.
if ($revision) {
array_unshift($arguments, $revision);
- $node = db_fetch_object(db_query('SELECT '. $fields. ' FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond, $arguments));
+ $node = db_fetch_object(db_query('SELECT '. $fields. ' FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = ? WHERE '. $cond, $arguments));
}
else {
$node = db_fetch_object(db_query('SELECT '. $fields. ' FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond, $arguments));
@@ -824,7 +824,7 @@
$op = 'update';
}
if ($update_node) {
- db_query('UPDATE {node} SET vid = %d WHERE nid = %d', $node->vid, $node->nid);
+ db_query('UPDATE {node} SET vid = ? WHERE nid = ?', $node->vid, $node->nid);
}
// Call the node specific callback (if any):
@@ -846,8 +846,8 @@
$node = node_load($nid);
if (node_access('delete', $node)) {
- db_query('DELETE FROM {node} WHERE nid = %d', $node->nid);
- db_query('DELETE FROM {node_revisions} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {node} WHERE nid = ?', $node->nid);
+ db_query('DELETE FROM {node_revisions} WHERE nid = ?', $node->nid);
// Call the node-specific callback (if any):
node_invoke($node, 'delete');
@@ -1028,7 +1028,7 @@
$last = variable_get('node_cron_last', 0);
$last_nid = variable_get('node_cron_last_nid', 0);
$total = db_result(db_query('SELECT COUNT(*) FROM {node} WHERE status = 1'));
- $remaining = db_result(db_query('SELECT COUNT(*) FROM {node} n LEFT JOIN {node_comment_statistics} c ON n.nid = c.nid WHERE n.status = 1 AND ((GREATEST(n.created, n.changed, c.last_comment_timestamp) = %d AND n.nid > %d ) OR (n.created > %d OR n.changed > %d OR c.last_comment_timestamp > %d))', $last, $last_nid, $last, $last, $last));
+ $remaining = db_result(db_query('SELECT COUNT(*) FROM {node} n LEFT JOIN {node_comment_statistics} c ON n.nid = c.nid WHERE n.status = 1 AND ((GREATEST(n.created, n.changed, c.last_comment_timestamp) = ? AND n.nid > ? ) OR (n.created > ? OR n.changed > ? OR c.last_comment_timestamp > ?))', $last, $last_nid, $last, $last, $last));
return array('remaining' => $remaining, 'total' => $total);
case 'admin':
@@ -1063,7 +1063,7 @@
if ($type = search_query_extract($keys, 'type')) {
$types = array();
foreach (explode(',', $type) as $t) {
- $types[] = "n.type = '%s'";
+ $types[] = "n.type = ?";
$arguments1[] = $t;
}
$conditions1 .= ' AND ('. implode(' OR ', $types) .')';
@@ -1073,7 +1073,7 @@
if ($category = search_query_extract($keys, 'category')) {
$categories = array();
foreach (explode(',', $category) as $c) {
- $categories[] = "tn.tid = %d";
+ $categories[] = "tn.tid = ?";
$arguments1[] = $c;
}
$conditions1 .= ' AND ('. implode(' OR ', $categories) .')';
@@ -1091,13 +1091,13 @@
$total = 0;
if ($weight = (int)variable_get('node_rank_relevance', 5)) {
// Average relevance values hover around 0.15
- $ranking[] = '%d * i.relevance';
+ $ranking[] = '? * i.relevance';
$arguments2[] = $weight;
$total += $weight;
}
if ($weight = (int)variable_get('node_rank_recent', 5)) {
// Exponential decay with half-life of 6 months, starting at last indexed node
- $ranking[] = '%d * POW(2, (GREATEST(n.created, n.changed, c.last_comment_timestamp) - %d) * 6.43e-8)';
+ $ranking[] = '? * POW(2, (GREATEST(n.created, n.changed, c.last_comment_timestamp) - ?) * 6.43e-8)';
$arguments2[] = $weight;
$arguments2[] = (int)variable_get('node_cron_last', 0);
$join2 .= ' INNER JOIN {node} n ON n.nid = i.sid LEFT JOIN {node_comment_statistics} c ON c.nid = i.sid';
@@ -1107,7 +1107,7 @@
if (module_exists('comment') && $weight = (int)variable_get('node_rank_comments', 5)) {
// Inverse law that maps the highest reply count on the site to 1 and 0 to 0.
$scale = variable_get('node_cron_comments_scale', 0.0);
- $ranking[] = '%d * (2.0 - 2.0 / (1.0 + c.comment_count * %f))';
+ $ranking[] = '? * (2.0 - 2.0 / (1.0 + c.comment_count * %f))';
$arguments2[] = $weight;
$arguments2[] = $scale;
if (!$stats_join) {
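Review bot: The ranking expression keeps `%f` next to the new `?` in `'? * (2.0 - 2.0 / (1.0 + c.comment_count * %f))'`, while `$arguments2` still receives both `$weight` and `$scale`. Unless the new query layer continues to expand printf-style tokens alongside `?` (not visible here), the literal `%f` reaches the database and the argument count no longer matches the placeholders. Use a placeholder for the scale too: `'? * (2.0 - 2.0 / (1.0 + c.comment_count * ?))'`. The `nc.totalcount` expression in the next hunk has the same leftover `%f`.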
@@ -1119,7 +1119,7 @@
$weight = (int)variable_get('node_rank_views', 5)) {
// Inverse law that maps the highest view count on the site to 1 and 0 to 0.
$scale = variable_get('node_cron_views_scale', 0.0);
- $ranking[] = '%d * (2.0 - 2.0 / (1.0 + nc.totalcount * %f))';
+ $ranking[] = '? * (2.0 - 2.0 / (1.0 + nc.totalcount * %f))';
$arguments2[] = $weight;
$arguments2[] = $scale;
$join2 .= ' LEFT JOIN {node_counter} nc ON nc.nid = i.sid';
@@ -1164,8 +1164,8 @@
*/
function node_user($op, &$edit, &$user) {
if ($op == 'delete') {
- db_query('UPDATE {node} SET uid = 0 WHERE uid = %d', $user->uid);
- db_query('UPDATE {node_revisions} SET uid = 0 WHERE uid = %d', $user->uid);
+ db_query('UPDATE {node} SET uid = 0 WHERE uid = ?', $user->uid);
+ db_query('UPDATE {node_revisions} SET uid = 0 WHERE uid = ?', $user->uid);
}
}
@@ -1192,7 +1192,7 @@
function node_comment_mode($nid) {
static $comment_mode;
if (!isset($comment_mode[$nid])) {
- $comment_mode[$nid] = db_result(db_query('SELECT comment FROM {node} WHERE nid = %d', $nid));
+ $comment_mode[$nid] = db_result(db_query('SELECT comment FROM {node} WHERE nid = ?', $nid));
}
return $comment_mode[$nid];
}
@@ -1219,7 +1219,7 @@
}
function _node_revision_access($node) {
- return (user_access('view revisions') || user_access('administer nodes')) && node_access('view', $node) && db_result(db_query('SELECT COUNT(vid) FROM {node_revisions} WHERE nid = %d', $node->nid)) > 1;
+ return (user_access('view revisions') || user_access('administer nodes')) && node_access('view', $node) && db_result(db_query('SELECT COUNT(vid) FROM {node_revisions} WHERE nid = ?', $node->nid)) > 1;
}
function _node_add_access() {
@@ -1390,7 +1390,7 @@
}
function node_last_changed($nid) {
- $node = db_fetch_object(db_query('SELECT changed FROM {node} WHERE nid = %d', $nid));
+ $node = db_fetch_object(db_query('SELECT changed FROM {node} WHERE nid = ?', $nid));
return ($node->changed);
}
@@ -1399,7 +1399,7 @@
*/
function node_revision_list($node) {
$revisions = array();
- $result = db_query('SELECT r.vid, r.title, r.log, r.uid, n.vid AS current_vid, r.timestamp, u.name FROM {node_revisions} r LEFT JOIN {node} n ON n.vid = r.vid INNER JOIN {users} u ON u.uid = r.uid WHERE r.nid = %d ORDER BY r.timestamp DESC', $node->nid);
+ $result = db_query('SELECT r.vid, r.title, r.log, r.uid, n.vid AS current_vid, r.timestamp, u.name FROM {node_revisions} r LEFT JOIN {node} n ON n.vid = r.vid INNER JOIN {users} u ON u.uid = r.uid WHERE r.nid = ? ORDER BY r.timestamp DESC', $node->nid);
while ($revision = db_fetch_object($result)) {
$revisions[$revision->vid] = $revision;
}
@@ -1590,7 +1590,7 @@
variable_set('node_cron_comments_scale', 1.0 / max(1, db_result(db_query('SELECT MAX(comment_count) FROM {node_comment_statistics}'))));
variable_set('node_cron_views_scale', 1.0 / max(1, db_result(db_query('SELECT MAX(totalcount) FROM {node_counter}'))));
- $result = db_query_range('SELECT GREATEST(IF(c.last_comment_timestamp IS NULL, 0, c.last_comment_timestamp), n.changed) as last_change, n.nid FROM {node} n LEFT JOIN {node_comment_statistics} c ON n.nid = c.nid WHERE n.status = 1 AND ((GREATEST(n.changed, c.last_comment_timestamp) = %d AND n.nid > %d) OR (n.changed > %d OR c.last_comment_timestamp > %d)) ORDER BY GREATEST(n.changed, c.last_comment_timestamp) ASC, n.nid ASC', $last, $last_nid, $last, $last, 0, $limit);
+ $result = db_query_range('SELECT GREATEST(IF(c.last_comment_timestamp IS NULL, 0, c.last_comment_timestamp), n.changed) as last_change, n.nid FROM {node} n LEFT JOIN {node_comment_statistics} c ON n.nid = c.nid WHERE n.status = 1 AND ((GREATEST(n.changed, c.last_comment_timestamp) = ? AND n.nid > ?) OR (n.changed > ? OR c.last_comment_timestamp > ?)) ORDER BY GREATEST(n.changed, c.last_comment_timestamp) ASC, n.nid ASC', $last, $last_nid, $last, $last, 0, $limit);
while ($node = db_fetch_object($result)) {
$last_change = $node->last_change;
@@ -1823,7 +1823,7 @@
$grants_sql = 'AND ('. implode(' OR ', $grants) .')';
}
- $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) $grants_sql AND grant_$op >= 1";
+ $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = ?) $grants_sql AND grant_$op >= 1";
$result = db_query($sql, $node->nid);
return (db_result($result));
}
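Review bot: `grant_$op` and `$grants_sql` are still interpolated into the statement text, so only `nid` benefits from the placeholder in this query. A column name cannot be bound, which means `$op` has to be limited to a fixed set before it reaches `$sql`. Whether that check exists is not visible, because the function starts above the hunk. If it does, note it in a comment next to `$sql`. If not, add a guard such as `if (!in_array($op, array('view', 'update', 'delete'), TRUE)) { return FALSE; }`.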
@@ -2009,9 +2009,9 @@
*/
function node_access_write_grants($node, $grants, $realm = NULL, $delete = TRUE) {
if ($delete) {
- $query = 'DELETE FROM {node_access} WHERE nid = %d';
+ $query = 'DELETE FROM {node_access} WHERE nid = ?';
if ($realm) {
- $query .= " AND realm in ('%s', 'all')";
+ $query .= " AND realm in (?, 'all')";
}
db_query($query, $node->nid, $realm);
}
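Review bot: `db_query($query, $node->nid, $realm)` always passes two values, but the statement contains a second `?` only when `$realm` is set. The printf-style layer ignored a surplus argument, whereas positional binding may reject the query when the counts differ. On the default `$realm = NULL` path that would stop the old grants from being deleted before new ones are written. Build the arguments with the query instead: `$args = array($node->nid);`, then `$args[] = $realm;` inside the `if ($realm)` branch, then `db_query($query, $args);`. The rest of the function is outside the hunk.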
@@ -2024,7 +2024,7 @@
}
// Only write grants; denies are implicit.
if ($grant['grant_view'] || $grant['grant_update'] || $grant['grant_delete']) {
- db_query("INSERT INTO {node_access} (nid, realm, gid, grant_view, grant_update, grant_delete) VALUES (%d, '%s', %d, %d, %d, %d)", $node->nid, $grant['realm'], $grant['gid'], $grant['grant_view'], $grant['grant_update'], $grant['grant_delete']);
+ db_query("INSERT INTO {node_access} (nid, realm, gid, grant_view, grant_update, grant_delete) VALUES (?, ?, ?, ?, ?, ?)", $node->nid, $grant['realm'], $grant['gid'], $grant['grant_view'], $grant['grant_update'], $grant['grant_delete']);
}
}
}
@@ -2140,7 +2140,7 @@
// Process the next 20 nodes.
$limit = 20;
- $result = db_query_range("SELECT nid FROM {node} WHERE nid > %d ORDER BY nid ASC", $context['sandbox']['current_node'], 0, $limit);
+ $result = db_query_range("SELECT nid FROM {node} WHERE nid > ? ORDER BY nid ASC", $context['sandbox']['current_node'], 0, $limit);
while ($row = db_fetch_array($result)) {
$loaded_node = node_load($row['nid'], NULL, TRUE);
// To preserve database integrity, only aquire grants if the node
@@ -2447,7 +2447,7 @@
*/
function node_assign_owner_action(&$node, $context) {
$node->uid = $context['owner_uid'];
- $owner_name = db_result(db_query("SELECT name FROM {users} WHERE uid = %d", $context['owner_uid']));
+ $owner_name = db_result(db_query("SELECT name FROM {users} WHERE uid = ?", $context['owner_uid']));
watchdog('action', 'Changed owner of @type %title to uid %name.', array('@type' => node_get_types('type', $node), '%title' => $node->title, '%name' => $owner_name));
}
@@ -2456,7 +2456,7 @@
$count = db_result(db_query("SELECT COUNT(*) FROM {users}"));
$owner_name = '';
if (isset($context['owner_uid'])) {
- $owner_name = db_result(db_query("SELECT name FROM {users} WHERE uid = %d", $context['owner_uid']));
+ $owner_name = db_result(db_query("SELECT name FROM {users} WHERE uid = ?", $context['owner_uid']));
}
// Use dropdown for fewer than 200 users; textbox for more than that.
@@ -2489,7 +2489,7 @@
}
function node_assign_owner_action_validate($form, $form_state) {
- $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE name = '%s'", $form_state['values']['owner_name']));
+ $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE name = ?", $form_state['values']['owner_name']));
if (intval($count) != 1) {
form_set_error('owner_name', t('Please enter a valid username.'));
}
@@ -2497,7 +2497,7 @@
function node_assign_owner_action_submit($form, $form_state) {
// Username can change, so we need to store the ID, not the username.
- $uid = db_result(db_query("SELECT uid from {users} WHERE name = '%s'", $form_state['values']['owner_name']));
+ $uid = db_result(db_query("SELECT uid from {users} WHERE name = ?", $form_state['values']['owner_name']));
return array('owner_uid' => $uid);
}
Index: modules/locale/locale.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/locale/locale.module,v
retrieving revision 1.193
diff -u -r1.193 locale.module
--- modules/locale/locale.module 28 Sep 2007 18:11:27 -0000 1.193
+++ modules/locale/locale.module 5 Oct 2007 07:23:48 -0000
@@ -335,7 +335,7 @@
if (!isset($locale_t[$langcode][$string])) {
// We do not have this translation cached, so get it from the DB.
- $translation = db_fetch_object(db_query("SELECT s.lid, t.translation, s.version FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.source = '%s' AND s.textgroup = 'default'", $langcode, $string));
+ $translation = db_fetch_object(db_query("SELECT s.lid, t.translation, s.version FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = ? WHERE s.source = ? AND s.textgroup = 'default'", $langcode, $string));
if ($translation) {
// We have the source string at least.
// Cache translation string or TRUE if no translation exists.
@@ -345,13 +345,13 @@
// This is the first use of this string under current Drupal version. Save version
// and clear cache, to include the string into caching next time. Saved version is
// also a string-history information for later pruning of the tables.
- db_query("UPDATE {locales_source} SET version = '%s' WHERE lid = %d LIMIT 1", VERSION, $translation->lid);
+ db_query("UPDATE {locales_source} SET version = ? WHERE lid = ? LIMIT 1", VERSION, $translation->lid);
cache_clear_all('locale:'. $langcode, 'cache');
}
}
else {
// We don't have the source string, cache this as untranslated.
- db_query("INSERT INTO {locales_source} (location, source, textgroup, version) VALUES ('%s', '%s', 'default', '%s')", request_uri(), $string, VERSION);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup, version) VALUES (?, ?, 'default', ?)", request_uri(), $string, VERSION);
$locale_t[$langcode][$string] = TRUE;
// Clear locale cache so this string can be added in a later request.
cache_clear_all('locale:'. $langcode, 'cache');
@@ -372,7 +372,7 @@
unset($languages['en']);
foreach ($languages as $language) {
- $result = db_query("SELECT s.source, t.translation, t.language FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.textgroup = 'default' AND s.version = '%s' AND LENGTH(s.source) < 75", $language->language, VERSION);
+ $result = db_query("SELECT s.source, t.translation, t.language FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = ? WHERE s.textgroup = 'default' AND s.version = ? AND LENGTH(s.source) < 75", $language->language, VERSION);
$t = array();
while ($data = db_fetch_object($result)) {
$t[$data->source] = (empty($data->translation) ? TRUE : $data->translation);
Index: modules/profile/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.module,v
retrieving revision 1.219
diff -u -r1.219 profile.module
--- modules/profile/profile.module 5 Sep 2007 18:11:27 -0000 1.219
+++ modules/profile/profile.module 5 Oct 2007 07:23:48 -0000
@@ -131,7 +131,7 @@
else if ($op == 'configure' && $delta == 0) {
// Compile a list of fields to show
$fields = array();
- $result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
+ $result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (?, ?) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
while ($record = db_fetch_object($result)) {
$fields[$record->name] = $record->title;
}
@@ -157,7 +157,7 @@
if ($use_fields = variable_get('profile_block_author_fields', array())) {
// Compile a list of fields to show.
$fields = array();
- $result = db_query('SELECT name, title, type, visibility, weight FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
+ $result = db_query('SELECT name, title, type, visibility, weight FROM {profile_fields} WHERE visibility IN (?, ?) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
while ($record = db_fetch_object($result)) {
// Ensure that field is displayed only if it is among the defined block fields and, if it is private, the user has appropriate permissions.
if (isset($use_fields[$record->name]) && $use_fields[$record->name]) {
@@ -207,7 +207,7 @@
case 'categories':
return profile_categories();
case 'delete':
- db_query('DELETE FROM {profile_values} WHERE uid = %d', $user->uid);
+ db_query('DELETE FROM {profile_values} WHERE uid = ?', $user->uid);
}
}
@@ -219,7 +219,7 @@
if (is_numeric($arg)) {
$fid = $arg;
- $edit = db_fetch_array(db_query('SELECT * FROM {profile_fields} WHERE fid = %d', $fid));
+ $edit = db_fetch_array(db_query('SELECT * FROM {profile_fields} WHERE fid = ?', $fid));
if (!$edit) {
drupal_not_found();
@@ -360,13 +360,13 @@
if (isset($form_state['values']['fid'])) {
$args1[] = $args2[] = $form_state['values']['fid'];
- $query_suffix = ' AND fid != %d';
+ $query_suffix = ' AND fid != ?';
}
- if (db_result(db_query("SELECT fid FROM {profile_fields} WHERE title = '%s' AND category = '%s'". $query_suffix, $args1))) {
+ if (db_result(db_query("SELECT fid FROM {profile_fields} WHERE title = ? AND category = ?". $query_suffix, $args1))) {
form_set_error('title', t('The specified title is already in use.'));
}
- if (db_result(db_query("SELECT fid FROM {profile_fields} WHERE name = '%s'". $query_suffix, $args2))) {
+ if (db_result(db_query("SELECT fid FROM {profile_fields} WHERE name = ?". $query_suffix, $args2))) {
form_set_error('name', t('The specified name is already in use.'));
}
}
@@ -382,13 +382,13 @@
$form_state['values']['page'] = '';
}
if (!isset($form_state['values']['fid'])) {
- db_query("INSERT INTO {profile_fields} (title, name, explanation, category, type, weight, required, register, visibility, autocomplete, options, page) VALUES ('%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, '%s', '%s')", $form_state['values']['title'], $form_state['values']['name'], $form_state['values']['explanation'], $form_state['values']['category'], $form_state['values']['type'], $form_state['values']['weight'], $form_state['values']['required'], $form_state['values']['register'], $form_state['values']['visibility'], $form_state['values']['autocomplete'], $form_state['values']['options'], $form_state['values']['page']);
+ db_query("INSERT INTO {profile_fields} (title, name, explanation, category, type, weight, required, register, visibility, autocomplete, options, page) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $form_state['values']['title'], $form_state['values']['name'], $form_state['values']['explanation'], $form_state['values']['category'], $form_state['values']['type'], $form_state['values']['weight'], $form_state['values']['required'], $form_state['values']['register'], $form_state['values']['visibility'], $form_state['values']['autocomplete'], $form_state['values']['options'], $form_state['values']['page']);
drupal_set_message(t('The field has been created.'));
watchdog('profile', 'Profile field %field added under category %category.', array('%field' => $form_state['values']['title'], '%category' => $form_state['values']['category']), WATCHDOG_NOTICE, l(t('view'), 'admin/user/profile'));
}
else {
- db_query("UPDATE {profile_fields} SET title = '%s', name = '%s', explanation = '%s', category = '%s', weight = %d, required = %d, register = %d, visibility = %d, autocomplete = %d, options = '%s', page = '%s' WHERE fid = %d", $form_state['values']['title'], $form_state['values']['name'], $form_state['values']['explanation'], $form_state['values']['category'], $form_state['values']['weight'], $form_state['values']['required'], $form_state['values']['register'], $form_state['values']['visibility'], $form_state['values']['autocomplete'], $form_state['values']['options'], $form_state['values']['page'], $form_state['values']['fid']);
+ db_query("UPDATE {profile_fields} SET title = ?, name = ?, explanation = ?, category = ?, weight = ?, required = ?, register = ?, visibility = ?, autocomplete = ?, options = ?, page = ? WHERE fid = ?", $form_state['values']['title'], $form_state['values']['name'], $form_state['values']['explanation'], $form_state['values']['category'], $form_state['values']['weight'], $form_state['values']['required'], $form_state['values']['register'], $form_state['values']['visibility'], $form_state['values']['autocomplete'], $form_state['values']['options'], $form_state['values']['page'], $form_state['values']['fid']);
drupal_set_message(t('The field has been updated.'));
}
@@ -403,7 +403,7 @@
* Menu callback; deletes a field from all user profiles.
*/
function profile_field_delete(&$form_state, $fid) {
- $field = db_fetch_object(db_query("SELECT title FROM {profile_fields} WHERE fid = %d", $fid));
+ $field = db_fetch_object(db_query("SELECT title FROM {profile_fields} WHERE fid = ?", $fid));
if (!$field) {
drupal_not_found();
return;
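Review bot: Switching `fid = %d` to `fid = ?` in profile_field_delete() drops the integer cast that the old `%d` placeholder applied to `$fid`, which arrives as a menu-callback argument. Binding still keeps the value out of the SQL text, but whether a non-numeric `$fid` is now coerced, rejected or raises a database error depends on the new db_query() layer, which this patch does not show. I would keep the type explicit at the call site, e.g. `db_query("SELECT title FROM {profile_fields} WHERE fid = ?", (int) $fid)`, or document in db_query() how `?` arguments are typed. The same applies to the other request-derived ids converted here: `arg(4)` in filter_admin_delete(), `arg(2)` in the aggregator category query, `$pid` in path_admin_delete() and `$field` in profile_autocomplete(). The function body continues past the end of the hunk.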
@@ -421,8 +421,8 @@
* Process a field delete form submission.
*/
function profile_field_delete_submit($form, &$form_state) {
- db_query('DELETE FROM {profile_fields} WHERE fid = %d', $form_state['values']['fid']);
- db_query('DELETE FROM {profile_values} WHERE fid = %d', $form_state['values']['fid']);
+ db_query('DELETE FROM {profile_fields} WHERE fid = ?', $form_state['values']['fid']);
+ db_query('DELETE FROM {profile_values} WHERE fid = ?', $form_state['values']['fid']);
cache_clear_all();
@@ -467,7 +467,7 @@
// Ensure that the path is converted to 3 levels always.
list(, $name, $value) = array_pad(explode('/', $_GET['q'], 3), 3, '');
- $field = db_fetch_object(db_query("SELECT DISTINCT(fid), type, title, page, visibility FROM {profile_fields} WHERE name = '%s'", $name));
+ $field = db_fetch_object(db_query("SELECT DISTINCT(fid), type, title, page, visibility FROM {profile_fields} WHERE name = ?", $name));
if ($name && $field->fid) {
// Only allow browsing of fields that have a page title set.
@@ -483,7 +483,7 @@
// Compile a list of fields to show.
$fields = array();
- $result = db_query('SELECT name, title, type, weight, page FROM {profile_fields} WHERE fid != %d AND visibility = %d ORDER BY weight', $field->fid, PROFILE_PUBLIC_LISTINGS);
+ $result = db_query('SELECT name, title, type, weight, page FROM {profile_fields} WHERE fid != ? AND visibility = ? ORDER BY weight', $field->fid, PROFILE_PUBLIC_LISTINGS);
while ($record = db_fetch_object($result)) {
$fields[] = $record;
}
@@ -496,7 +496,7 @@
break;
case 'textfield':
case 'selection':
- $query = "v.value = '%s'";
+ $query = "v.value = ?";
$arguments[] = $value;
break;
case 'list':
@@ -509,7 +509,7 @@
}
// Extract the affected users:
- $result = pager_query("SELECT u.uid, u.access FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = %d AND $query AND u.access != 0 AND u.status != 0 ORDER BY u.access DESC", 20, 0, NULL, $arguments);
+ $result = pager_query("SELECT u.uid, u.access FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = ? AND $query AND u.access != 0 AND u.status != 0 ORDER BY u.access DESC", 20, 0, NULL, $arguments);
$content = '';
while ($account = db_fetch_object($result)) {
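Review bot: `$query` is still interpolated into the pager_query() string (`... WHERE v.fid = ? AND $query AND ...`), so every branch of the preceding switch must emit a `?`-style fragment for the marker count to match `$arguments`. Only the `textfield`/`selection` branch is converted in this patch. The `list` branch and any others fall between hunks and are unchanged, so if they still carry `%s`-style fragments (not visible here) the query will mix both styles. Please check those branches and add a comment above the query such as `// $query holds only module-defined SQL with ? markers; request data goes in $arguments.` The enclosing function starts and ends outside the hunk.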
@@ -536,7 +536,7 @@
else {
// Compile a list of fields to show.
$fields = array();
- $result = db_query('SELECT name, title, type, weight, page FROM {profile_fields} WHERE visibility = %d ORDER BY category, weight', PROFILE_PUBLIC_LISTINGS);
+ $result = db_query('SELECT name, title, type, weight, page FROM {profile_fields} WHERE visibility = ? ORDER BY category, weight', PROFILE_PUBLIC_LISTINGS);
while ($record = db_fetch_object($result)) {
$fields[] = $record;
}
@@ -559,7 +559,7 @@
}
function profile_load_profile(&$user) {
- $result = db_query('SELECT f.name, f.type, v.value FROM {profile_fields} f INNER JOIN {profile_values} v ON f.fid = v.fid WHERE uid = %d', $user->uid);
+ $result = db_query('SELECT f.name, f.type, v.value FROM {profile_fields} f INNER JOIN {profile_values} v ON f.fid = v.fid WHERE uid = ?', $user->uid);
while ($field = db_fetch_object($result)) {
if (empty($user->{$field->name})) {
$user->{$field->name} = _profile_field_serialize($field->type) ? unserialize($field->value) : $field->value;
@@ -573,8 +573,8 @@
if (_profile_field_serialize($field->type)) {
$edit[$field->name] = serialize($edit[$field->name]);
}
- db_query("DELETE FROM {profile_values} WHERE fid = %d AND uid = %d", $field->fid, $user->uid);
- db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]);
+ db_query("DELETE FROM {profile_values} WHERE fid = ? AND uid = ?", $field->fid, $user->uid);
+ db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (?, ?, ?)", $field->fid, $user->uid, $edit[$field->name]);
// Mark field as handled (prevents saving to user->data).
$edit[$field->name] = NULL;
}
@@ -631,10 +631,10 @@
// Show private fields to administrators and people viewing their own account.
if (user_access('administer users') || $GLOBALS['user']->uid == $user->uid) {
- $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
+ $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != ? ORDER BY category, weight', PROFILE_HIDDEN);
}
else {
- $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d AND visibility != %d ORDER BY category, weight', PROFILE_PRIVATE, PROFILE_HIDDEN);
+ $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != ? AND visibility != ? ORDER BY category, weight', PROFILE_PRIVATE, PROFILE_HIDDEN);
}
$fields = array();
@@ -756,8 +756,8 @@
*/
function profile_autocomplete($field, $string) {
$matches = array();
- if (db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE fid = %d AND autocomplete = 1", $field))) {
- $result = db_query_range("SELECT value FROM {profile_values} WHERE fid = %d AND LOWER(value) LIKE LOWER('%s%%') GROUP BY value ORDER BY value ASC", $field, $string, 0, 10);
+ if (db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE fid = ? AND autocomplete = 1", $field))) {
+ $result = db_query_range("SELECT value FROM {profile_values} WHERE fid = ? AND LOWER(value) LIKE LOWER('%s%%') GROUP BY value ORDER BY value ASC", $field, $string, 0, 10);
while ($data = db_fetch_object($result)) {
$matches[$data->value] = check_plain($data->value);
}
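Review bot: The db_query_range() call in profile_autocomplete() now mixes placeholder styles: `fid = ?` was converted but `LIKE LOWER('%s%%')` was left. Depending on how the new layer treats `%s` (not visible here), `$string` is either never substituted or is still spliced into a quoted literal. Bind the whole pattern instead: `... AND LOWER(value) LIKE LOWER(?) GROUP BY value ORDER BY value ASC", $field, $string .'%', 0, 10)`. `$string` comes from the autocomplete request, so any `%` or `_` in it acts as a LIKE wildcard; escape those before appending the trailing `%` if prefix-only matching is intended. The function body continues past the hunk.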
@@ -892,12 +892,12 @@
$filters[] = 'register = 1';
}
else {
- // Use LOWER('%s') instead of PHP's strtolower() to avoid UTF-8 conversion issues.
- $filters[] = "LOWER(category) = LOWER('%s')";
+ // Use LOWER(?) instead of PHP's strtolower() to avoid UTF-8 conversion issues.
+ $filters[] = "LOWER(category) = LOWER(?)";
$args[] = $category;
}
if (!user_access('administer users')) {
- $filters[] = 'visibility != %d';
+ $filters[] = 'visibility != ?';
$args[] = PROFILE_HIDDEN;
}
$sql .= implode(' AND ', $filters);
Index: modules/filter/filter.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.admin.inc,v
retrieving revision 1.2
diff -u -r1.2 filter.admin.inc
--- modules/filter/filter.admin.inc 17 Sep 2007 09:16:48 -0000 1.2
+++ modules/filter/filter.admin.inc 5 Oct 2007 07:23:48 -0000
@@ -166,7 +166,7 @@
function filter_admin_format_form_validate($form, &$form_state) {
if (!isset($form_state['values']['format'])) {
$name = trim($form_state['values']['name']);
- $result = db_fetch_object(db_query("SELECT format FROM {filter_formats} WHERE name='%s'", $name));
+ $result = db_fetch_object(db_query("SELECT format FROM {filter_formats} WHERE name=?", $name));
if ($result) {
form_set_error('name', t('Filter format names need to be unique. A format named %name already exists.', array('%name' => $name)));
}
@@ -185,7 +185,7 @@
// Add a new filter format.
if (!$format) {
$new = TRUE;
- db_query("INSERT INTO {filter_formats} (name) VALUES ('%s')", $name);
+ db_query("INSERT INTO {filter_formats} (name) VALUES (?)", $name);
$format = db_result(db_query("SELECT MAX(format) AS format FROM {filter_formats}"));
drupal_set_message(t('Added input format %format.', array('%format' => $name)));
}
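Review bot: The new format id is still read back with `SELECT MAX(format)` right after the converted `INSERT INTO {filter_formats}`, which can return another session's row if two formats are added concurrently. The filters and roles written afterwards would then attach to the wrong input format. The aggregator part of this same patch already uses the safer call, so I would use `$format = db_last_insert_id('filter_formats', 'format');` here as well. The enclosing submit handler starts and ends outside the hunk.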
@@ -193,13 +193,13 @@
drupal_set_message(t('The input format settings have been updated.'));
}
- db_query("DELETE FROM {filters} WHERE format = %d", $format);
+ db_query("DELETE FROM {filters} WHERE format = ?", $format);
foreach ($form_state['values']['filters'] as $id => $checked) {
if ($checked) {
list($module, $delta) = explode('/', $id);
// Add new filters to the bottom.
$weight = isset($current[$id]->weight) ? $current[$id]->weight : 10;
- db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, '%s', %d, %d)", $format, $module, $delta, $weight);
+ db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (?, ?, ?, ?)", $format, $module, $delta, $weight);
// Check if there are any 'no cache' filters.
$cache &= !module_invoke($module, 'filter', 'no cache', $delta);
@@ -224,7 +224,7 @@
$roles = ','. implode(',', $roles) .',';
}
- db_query("UPDATE {filter_formats} SET cache = %d, name='%s', roles = '%s' WHERE format = %d", $cache, $name, $roles, $format);
+ db_query("UPDATE {filter_formats} SET cache = ?, name=?, roles = ? WHERE format = ?", $cache, $name, $roles, $format);
cache_clear_all($format .':', 'cache_filter', TRUE);
@@ -245,7 +245,7 @@
*/
function filter_admin_delete() {
$format = arg(4);
- $format = db_fetch_object(db_query('SELECT * FROM {filter_formats} WHERE format = %d', $format));
+ $format = db_fetch_object(db_query('SELECT * FROM {filter_formats} WHERE format = ?', $format));
if ($format) {
if ($format->format != variable_get('filter_default_format', 1)) {
@@ -268,14 +268,14 @@
* Process filter delete form submission.
*/
function filter_admin_delete_submit($form, &$form_state) {
- db_query("DELETE FROM {filter_formats} WHERE format = %d", $form_state['values']['format']);
- db_query("DELETE FROM {filters} WHERE format = %d", $form_state['values']['format']);
+ db_query("DELETE FROM {filter_formats} WHERE format = ?", $form_state['values']['format']);
+ db_query("DELETE FROM {filters} WHERE format = ?", $form_state['values']['format']);
$default = variable_get('filter_default_format', 1);
// Replace existing instances of the deleted format with the default format.
- db_query("UPDATE {node_revisions} SET format = %d WHERE format = %d", $default, $form_state['values']['format']);
- db_query("UPDATE {comments} SET format = %d WHERE format = %d", $default, $form_state['values']['format']);
- db_query("UPDATE {boxes} SET format = %d WHERE format = %d", $default, $form_state['values']['format']);
+ db_query("UPDATE {node_revisions} SET format = ? WHERE format = ?", $default, $form_state['values']['format']);
+ db_query("UPDATE {comments} SET format = ? WHERE format = ?", $default, $form_state['values']['format']);
+ db_query("UPDATE {boxes} SET format = ? WHERE format = ?", $default, $form_state['values']['format']);
cache_clear_all($form_state['values']['format'] .':', 'cache_filter', TRUE);
drupal_set_message(t('Deleted input format %format.', array('%format' => $form_state['values']['name'])));
@@ -373,7 +373,7 @@
function filter_admin_order_submit($form, &$form_state) {
foreach ($form_state['values']['weights'] as $id => $weight) {
list($module, $delta) = explode('/', $id);
- db_query("UPDATE {filters} SET weight = %d WHERE format = %d AND module = '%s' AND delta = %d", $weight, $form_state['values']['format'], $module, $delta);
+ db_query("UPDATE {filters} SET weight = ? WHERE format = ? AND module = ? AND delta = ?", $weight, $form_state['values']['format'], $module, $delta);
}
drupal_set_message(t('The filter ordering has been saved.'));
Index: modules/filter/filter.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v
retrieving revision 1.189
diff -u -r1.189 filter.module
--- modules/filter/filter.module 28 Sep 2007 08:09:25 -0000 1.189
+++ modules/filter/filter.module 5 Oct 2007 07:23:48 -0000
@@ -298,10 +298,10 @@
if (!$all) {
$where = array();
foreach ($user->roles as $rid => $role) {
- $where[] = "roles LIKE '%%,%d,%%'";
+ $where[] = "roles LIKE '%%,?,%%'";
$args[] = $rid;
}
- $query .= ' WHERE '. implode(' OR ', $where) .' OR format = %d';
+ $query .= ' WHERE '. implode(' OR ', $where) .' OR format = ?';
$args[] = variable_get('filter_default_format', 1);
}
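Review bot: In `roles LIKE '%%,?,%%'` the `?` sits inside a quoted SQL literal, where prepared-statement drivers normally treat it as a plain character rather than a parameter marker. Each `$rid` pushed onto `$args` would then have nothing to bind to, and the pattern would no longer match on the role id. This clause decides which input formats a user may select, so a mismatch here is an access-control bug rather than a cosmetic one. Build the pattern in PHP and bind it whole: `$where[] = 'roles LIKE ?';` with `$args[] = '%,'. (int) $rid .',%';`. The surrounding function starts and ends outside the hunk.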
@@ -356,7 +356,7 @@
static $cache = array();
$format = filter_resolve_format($format);
if (!isset($cache[$format])) {
- $cache[$format] = db_result(db_query('SELECT cache FROM {filter_formats} WHERE format = %d', $format));
+ $cache[$format] = db_result(db_query('SELECT cache FROM {filter_formats} WHERE format = ?', $format));
}
return $cache[$format];
}
@@ -369,7 +369,7 @@
if (!isset($filters[$format])) {
$filters[$format] = array();
- $result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight ASC", $format);
+ $result = db_query("SELECT * FROM {filters} WHERE format = ? ORDER BY weight ASC", $format);
while ($filter = db_fetch_object($result)) {
$list = module_invoke($filter->module, 'filter', 'list');
if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
@@ -551,7 +551,7 @@
$formats = filter_formats();
}
else {
- $formats = array(db_fetch_object(db_query("SELECT * FROM {filter_formats} WHERE format = %d", $format)));
+ $formats = array(db_fetch_object(db_query("SELECT * FROM {filter_formats} WHERE format = ?", $format)));
}
$tips = array();
Index: modules/path/path.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/path/path.admin.inc,v
retrieving revision 1.4
diff -u -r1.4 path.admin.inc
--- modules/path/path.admin.inc 12 Aug 2007 16:34:56 -0000 1.4
+++ modules/path/path.admin.inc 5 Oct 2007 07:23:48 -0000
@@ -133,7 +133,7 @@
// Language is only set if locale module is enabled, otherwise save for all languages.
$language = isset($form_state['values']['language']) ? $form_state['values']['language'] : '';
- if (db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE pid != %d AND dst = '%s' AND language = '%s'", $pid, $dst, $language))) {
+ if (db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE pid != ? AND dst = ? AND language = ?", $pid, $dst, $language))) {
form_set_error('dst', t('The alias %alias is already in use in this language.', array('%alias' => $dst)));
}
}
Index: modules/path/path.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/path/path.module,v
retrieving revision 1.131
diff -u -r1.131 path.module
--- modules/path/path.module 12 Aug 2007 16:34:56 -0000 1.131
+++ modules/path/path.module 5 Oct 2007 07:23:48 -0000
@@ -76,7 +76,7 @@
* Post-confirmation; delete an URL alias.
*/
function path_admin_delete($pid = 0) {
- db_query('DELETE FROM {url_alias} WHERE pid = %d', $pid);
+ db_query('DELETE FROM {url_alias} WHERE pid = ?', $pid);
drupal_set_message(t('The alias has been deleted.'));
}
@@ -86,36 +86,36 @@
function path_set_alias($path = NULL, $alias = NULL, $pid = NULL, $language = '') {
if ($path && !$alias) {
// Delete based on path
- db_query("DELETE FROM {url_alias} WHERE src = '%s' AND language = '%s'", $path, $language);
+ db_query("DELETE FROM {url_alias} WHERE src = ? AND language = ?", $path, $language);
drupal_clear_path_cache();
}
else if (!$path && $alias) {
// Delete based on alias
- db_query("DELETE FROM {url_alias} WHERE dst = '%s' AND language = '%s'", $alias, $language);
+ db_query("DELETE FROM {url_alias} WHERE dst = ? AND language = ?", $alias, $language);
drupal_clear_path_cache();
}
else if ($path && $alias) {
$path = urldecode($path);
- $path_count = db_result(db_query("SELECT COUNT(src) FROM {url_alias} WHERE src = '%s' AND language = '%s'", $path, $language));
+ $path_count = db_result(db_query("SELECT COUNT(src) FROM {url_alias} WHERE src = ? AND language = ?", $path, $language));
$alias = urldecode($alias);
// Alias count can only be 0 or 1.
- $alias_count = db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE dst = '%s' AND language = '%s'", $alias, $language));
+ $alias_count = db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE dst = ? AND language = ?", $alias, $language));
if ($alias_count == 0) {
if ($pid) {
// Existing path changed data
- db_query("UPDATE {url_alias} SET src = '%s', dst = '%s', language = '%s' WHERE pid = %d", $path, $alias, $language, $pid);
+ db_query("UPDATE {url_alias} SET src = ?, dst = ?, language = ? WHERE pid = ?", $path, $alias, $language, $pid);
}
else {
// No such alias yet in this language
- db_query("INSERT INTO {url_alias} (src, dst, language) VALUES ('%s', '%s', '%s')", $path, $alias, $language);
+ db_query("INSERT INTO {url_alias} (src, dst, language) VALUES (?, ?, ?)", $path, $alias, $language);
}
}
// The alias exists.
else {
// This path has no alias yet, so we redirect the alias here.
if ($path_count == 0) {
- db_query("UPDATE {url_alias} SET src = '%s' WHERE dst = '%s' AND language = '%s'", $path, $alias, $language);
+ db_query("UPDATE {url_alias} SET src = ? WHERE dst = ? AND language = ?", $path, $alias, $language);
}
else {
// This will delete the path that alias was originally pointing to.
@@ -143,7 +143,7 @@
case 'validate':
$node->path = trim($node->path);
$language = isset($node->language) ? $node->language : '';
- if (db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE dst = '%s' AND src != '%s' AND language = '%s'", $node->path, "node/$node->nid", $language))) {
+ if (db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE dst = ? AND src != ? AND language = ?", $node->path, "node/$node->nid", $language))) {
form_set_error('path', t('The path is already in use.'));
}
break;
@@ -204,7 +204,7 @@
if ($path) {
$form['path']['pid'] = array(
'#type' => 'value',
- '#value' => db_result(db_query("SELECT pid FROM {url_alias} WHERE dst = '%s'", $path))
+ '#value' => db_result(db_query("SELECT pid FROM {url_alias} WHERE dst = ?", $path))
);
}
}
@@ -221,5 +221,5 @@
* Fetch a specific URL alias from the database.
*/
function path_load($pid) {
- return db_fetch_array(db_query('SELECT * FROM {url_alias} WHERE pid = %d', $pid));
+ return db_fetch_array(db_query('SELECT * FROM {url_alias} WHERE pid = ?', $pid));
}
Index: modules/aggregator/aggregator.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.admin.inc,v
retrieving revision 1.1
diff -u -r1.1 aggregator.admin.inc
--- modules/aggregator/aggregator.admin.inc 5 Sep 2007 08:31:48 -0000 1.1
+++ modules/aggregator/aggregator.admin.inc 5 Oct 2007 07:23:45 -0000
@@ -77,7 +77,7 @@
// Handling of categories:
$options = array();
$values = array();
- $categories = db_query('SELECT c.cid, c.title, f.fid FROM {aggregator_category} c LEFT JOIN {aggregator_category_feed} f ON c.cid = f.cid AND f.fid = %d ORDER BY title', $edit['fid']);
+ $categories = db_query('SELECT c.cid, c.title, f.fid FROM {aggregator_category} c LEFT JOIN {aggregator_category_feed} f ON c.cid = f.cid AND f.fid = ? ORDER BY title', $edit['fid']);
while ($category = db_fetch_object($categories)) {
$options[$category->cid] = check_plain($category->title);
if ($category->fid) $values[] = $category->cid;
@@ -112,10 +112,10 @@
}
// Check for duplicate titles.
if (isset($form_state['values']['fid'])) {
- $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE (title = '%s' OR url='%s') AND fid != %d", $form_state['values']['title'], $form_state['values']['url'], $form_state['values']['fid']);
+ $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE (title = ? OR url=?) AND fid != ?", $form_state['values']['title'], $form_state['values']['url'], $form_state['values']['fid']);
}
else {
- $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE title = '%s' OR url='%s'", $form_state['values']['title'], $form_state['values']['url']);
+ $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE title = ? OR url=?", $form_state['values']['title'], $form_state['values']['url']);
}
while ($feed = db_fetch_object($result)) {
if (strcasecmp($feed->title, $form_state['values']['title']) == 0) {
@@ -258,10 +258,10 @@
if ($form_state['values']['op'] == t('Save')) {
// Check for duplicate titles
if (isset($form_state['values']['cid'])) {
- $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = '%s' AND cid != %d", $form_state['values']['title'], $form_state['values']['cid']));
+ $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = ? AND cid != ?", $form_state['values']['title'], $form_state['values']['cid']));
}
else {
- $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = '%s'", $form_state['values']['title']));
+ $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = ?", $form_state['values']['title']));
}
if ($category) {
form_set_error('title', t('A category named %category already exists. Please enter a unique title.', array('%category' => $form_state['values']['title'])));
Index: modules/aggregator/aggregator.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.pages.inc,v
retrieving revision 1.4
diff -u -r1.4 aggregator.pages.inc
--- modules/aggregator/aggregator.pages.inc 2 Oct 2007 16:03:17 -0000 1.4
+++ modules/aggregator/aggregator.pages.inc 5 Oct 2007 07:23:46 -0000
@@ -60,7 +60,7 @@
if (isset($sql)) {
$result = pager_query($sql, 20);
while ($item = db_fetch_object($result)) {
- $result_category = db_query('SELECT c.title, c.cid FROM {aggregator_category_item} ci LEFT JOIN {aggregator_category} c ON ci.cid = c.cid WHERE ci.iid = %d ORDER BY c.title', $item->iid);
+ $result_category = db_query('SELECT c.title, c.cid FROM {aggregator_category_item} ci LEFT JOIN {aggregator_category} c ON ci.cid = c.cid WHERE ci.iid = ? ORDER BY c.title', $item->iid);
$item->categories = array();
while ($item_categories = db_fetch_object($result_category)) {
$item->categories[] = $item_categories;
@@ -110,7 +110,7 @@
foreach ($items as $item) {
$form['items'][$item->iid] = array('#value' => theme('aggregator_item', $item));
$form['categories'][$item->iid] = array();
- $categories_result = db_query('SELECT c.cid, c.title, ci.iid FROM {aggregator_category} c LEFT JOIN {aggregator_category_item} ci ON c.cid = ci.cid AND ci.iid = %d', $item->iid);
+ $categories_result = db_query('SELECT c.cid, c.title, ci.iid FROM {aggregator_category} c LEFT JOIN {aggregator_category_item} ci ON c.cid = ci.cid AND ci.iid = ?', $item->iid);
$selected = array();
while ($category = db_fetch_object($categories_result)) {
if (!$done) {
@@ -142,10 +142,10 @@
function aggregator_categorize_items_submit($form, &$form_state) {
foreach ($form_state['values']['categories'] as $iid => $selection) {
- db_query('DELETE FROM {aggregator_category_item} WHERE iid = %d', $iid);
+ db_query('DELETE FROM {aggregator_category_item} WHERE iid = ?', $iid);
foreach ($selection as $cid) {
if ($cid) {
- db_query('INSERT INTO {aggregator_category_item} (cid, iid) VALUES (%d, %d)', $cid, $iid);
+ db_query('INSERT INTO {aggregator_category_item} (cid, iid) VALUES (?, ?)', $cid, $iid);
}
}
}
@@ -233,7 +233,7 @@
// Most recent items:
$summary_items = array();
if (variable_get('aggregator_summary_items', 3)) {
- $items = db_query_range('SELECT i.title, i.timestamp, i.link FROM {aggregator_item} i WHERE i.fid = %d ORDER BY i.timestamp DESC', $feed->fid, 0, variable_get('aggregator_summary_items', 3));
+ $items = db_query_range('SELECT i.title, i.timestamp, i.link FROM {aggregator_item} i WHERE i.fid = ? ORDER BY i.timestamp DESC', $feed->fid, 0, variable_get('aggregator_summary_items', 3));
while ($item = db_fetch_object($items)) {
$summary_items[] = theme('aggregator_summary_item', $item);
}
@@ -256,7 +256,7 @@
while ($category = db_fetch_object($result)) {
if (variable_get('aggregator_summary_items', 3)) {
$summary_items = array();
- $items = db_query_range('SELECT i.title, i.timestamp, i.link, f.title as feed_title, f.link as feed_link FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON i.iid = ci.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE ci.cid = %d ORDER BY i.timestamp DESC', $category->cid, 0, variable_get('aggregator_summary_items', 3));
+ $items = db_query_range('SELECT i.title, i.timestamp, i.link, f.title as feed_title, f.link as feed_link FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON i.iid = ci.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE ci.cid = ? ORDER BY i.timestamp DESC', $category->cid, 0, variable_get('aggregator_summary_items', 3));
while ($item = db_fetch_object($items)) {
$summary_items[] = theme('aggregator_summary_item', $item);
}
@@ -275,8 +275,8 @@
$result = NULL;
// arg(2) is the passed cid, only select for that category
if (arg(2)) {
- $category = db_fetch_object(db_query('SELECT cid, title FROM {aggregator_category} WHERE cid = %d', arg(2)));
- $sql = 'SELECT i.*, f.title AS ftitle, f.link AS flink FROM {aggregator_category_item} c LEFT JOIN {aggregator_item} i ON c.iid = i.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE cid = %d ORDER BY timestamp DESC, i.iid DESC';
+ $category = db_fetch_object(db_query('SELECT cid, title FROM {aggregator_category} WHERE cid = ?', arg(2)));
+ $sql = 'SELECT i.*, f.title AS ftitle, f.link AS flink FROM {aggregator_category_item} c LEFT JOIN {aggregator_item} i ON c.iid = i.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE cid = ? ORDER BY timestamp DESC, i.iid DESC';
$result = db_query_range($sql, $category->cid, 0, variable_get('feed_default_items', 10));
}
// or, get the default aggregator items
@@ -342,7 +342,7 @@
*/
function aggregator_page_opml($cid = NULL) {
if ($cid) {
- $result = db_query('SELECT f.title, f.url FROM {aggregator_feed} f LEFT JOIN {aggregator_category_feed} c on f.fid = c.fid WHERE c.cid = %d ORDER BY title', $cid);
+ $result = db_query('SELECT f.title, f.url FROM {aggregator_feed} f LEFT JOIN {aggregator_category_feed} c on f.fid = c.fid WHERE c.cid = ? ORDER BY title', $cid);
}
else {
$result = db_query('SELECT * FROM {aggregator_feed} ORDER BY title');
Index: modules/aggregator/aggregator.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.module,v
retrieving revision 1.357
diff -u -r1.357 aggregator.module
--- modules/aggregator/aggregator.module 13 Sep 2007 08:02:38 -0000 1.357
+++ modules/aggregator/aggregator.module 5 Oct 2007 07:23:45 -0000
@@ -271,7 +271,7 @@
* Checks news feeds for updates once their refresh interval has elapsed.
*/
function aggregator_cron() {
- $result = db_query('SELECT * FROM {aggregator_feed} WHERE checked + refresh < %d', time());
+ $result = db_query('SELECT * FROM {aggregator_feed} WHERE checked + refresh < ?', time());
while ($feed = db_fetch_array($result)) {
aggregator_refresh($feed);
}
@@ -297,10 +297,10 @@
else if ($op == 'configure') {
list($type, $id) = explode('-', $delta);
if ($type == 'category') {
- $value = db_result(db_query('SELECT block FROM {aggregator_category} WHERE cid = %d', $id));
+ $value = db_result(db_query('SELECT block FROM {aggregator_category} WHERE cid = ?', $id));
}
else {
- $value = db_result(db_query('SELECT block FROM {aggregator_feed} WHERE fid = %d', $id));
+ $value = db_result(db_query('SELECT block FROM {aggregator_feed} WHERE fid = ?', $id));
}
$form['block'] = array('#type' => 'select', '#title' => t('Number of news items in block'), '#default_value' => $value, '#options' => drupal_map_assoc(array(2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)));
return $form;
@@ -308,27 +308,27 @@
else if ($op == 'save') {
list($type, $id) = explode('-', $delta);
if ($type == 'category') {
- $value = db_query('UPDATE {aggregator_category} SET block = %d WHERE cid = %d', $edit['block'], $id);
+ $value = db_query('UPDATE {aggregator_category} SET block = ? WHERE cid = ?', $edit['block'], $id);
}
else {
- $value = db_query('UPDATE {aggregator_feed} SET block = %d WHERE fid = %d', $edit['block'], $id);
+ $value = db_query('UPDATE {aggregator_feed} SET block = ? WHERE fid = ?', $edit['block'], $id);
}
}
else if ($op == 'view') {
list($type, $id) = explode('-', $delta);
switch ($type) {
case 'feed':
- if ($feed = db_fetch_object(db_query('SELECT fid, title, block FROM {aggregator_feed} WHERE fid = %d', $id))) {
+ if ($feed = db_fetch_object(db_query('SELECT fid, title, block FROM {aggregator_feed} WHERE fid = ?', $id))) {
$block['subject'] = check_plain($feed->title);
- $result = db_query_range('SELECT * FROM {aggregator_item} WHERE fid = %d ORDER BY timestamp DESC, iid DESC', $feed->fid, 0, $feed->block);
+ $result = db_query_range('SELECT * FROM {aggregator_item} WHERE fid = ? ORDER BY timestamp DESC, iid DESC', $feed->fid, 0, $feed->block);
$read_more = ''. l(t('more'), 'aggregator/sources/'. $feed->fid, array('title' => t("View this feed's recent news."))) .'
';
}
break;
case 'category':
- if ($category = db_fetch_object(db_query('SELECT cid, title, block FROM {aggregator_category} WHERE cid = %d', $id))) {
+ if ($category = db_fetch_object(db_query('SELECT cid, title, block FROM {aggregator_category} WHERE cid = ?', $id))) {
$block['subject'] = check_plain($category->title);
- $result = db_query_range('SELECT i.* FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON ci.iid = i.iid WHERE ci.cid = %d ORDER BY i.timestamp DESC, i.iid DESC', $category->cid, 0, $category->block);
+ $result = db_query_range('SELECT i.* FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON ci.iid = i.iid WHERE ci.cid = ? ORDER BY i.timestamp DESC, i.iid DESC', $category->cid, 0, $category->block);
$read_more = ''. l(t('more'), 'aggregator/categories/'. $category->cid, array('title' => t("View this category's recent news."))) .'
';
}
break;
@@ -354,14 +354,14 @@
*/
function aggregator_save_category($edit) {
if (!empty($edit['cid']) && !empty($edit['title'])) {
- db_query("UPDATE {aggregator_category} SET title = '%s', description = '%s' WHERE cid = %d", $edit['title'], $edit['description'], $edit['cid']);
+ db_query("UPDATE {aggregator_category} SET title = ?, description = ? WHERE cid = ?", $edit['title'], $edit['description'], $edit['cid']);
}
else if (!empty($edit['cid'])) {
- db_query('DELETE FROM {aggregator_category} WHERE cid = %d', $edit['cid']);
+ db_query('DELETE FROM {aggregator_category} WHERE cid = ?', $edit['cid']);
}
else if (!empty($edit['title'])) {
// A single unique id for bundles and feeds, to use in blocks
- db_query("INSERT INTO {aggregator_category} (title, description, block) VALUES ('%s', '%s', 5)", $edit['title'], $edit['description']);
+ db_query("INSERT INTO {aggregator_category} (title, description, block) VALUES (?, ?, 5)", $edit['title'], $edit['description']);
}
}
@@ -371,25 +371,25 @@
function aggregator_save_feed($edit) {
if (!empty($edit['fid'])) {
// An existing feed is being modified, delete the category listings.
- db_query('DELETE FROM {aggregator_category_feed} WHERE fid = %d', $edit['fid']);
+ db_query('DELETE FROM {aggregator_category_feed} WHERE fid = ?', $edit['fid']);
}
if (!empty($edit['fid']) && !empty($edit['title'])) {
- db_query("UPDATE {aggregator_feed} SET title = '%s', url = '%s', refresh = %d WHERE fid = %d", $edit['title'], $edit['url'], $edit['refresh'], $edit['fid']);
+ db_query("UPDATE {aggregator_feed} SET title = ?, url = ?, refresh = ? WHERE fid = ?", $edit['title'], $edit['url'], $edit['refresh'], $edit['fid']);
}
else if (!empty($edit['fid'])) {
$items = array();
- $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = %d', $edit['fid']);
+ $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = ?', $edit['fid']);
while ($item = db_fetch_object($result)) {
$items[] = "iid = $item->iid";
}
if (!empty($items)) {
db_query('DELETE FROM {aggregator_category_item} WHERE '. implode(' OR ', $items));
}
- db_query('DELETE FROM {aggregator_feed} WHERE fid = %d', $edit['fid']);
- db_query('DELETE FROM {aggregator_item} WHERE fid = %d', $edit['fid']);
+ db_query('DELETE FROM {aggregator_feed} WHERE fid = ?', $edit['fid']);
+ db_query('DELETE FROM {aggregator_item} WHERE fid = ?', $edit['fid']);
}
else if (!empty($edit['title'])) {
- db_query("INSERT INTO {aggregator_feed} (title, url, refresh, block, description, image) VALUES ('%s', '%s', %d, 5, '', '')", $edit['title'], $edit['url'], $edit['refresh']);
+ db_query("INSERT INTO {aggregator_feed} (title, url, refresh, block, description, image) VALUES (?, ?, ?, 5, '', '')", $edit['title'], $edit['url'], $edit['refresh']);
// A single unique id for bundles and feeds, to use in blocks.
$edit['fid'] = db_last_insert_id('aggregator_feed', 'fid');
}
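Review bot: The `DELETE FROM {aggregator_category_item}` in the `else if (!empty($edit['fid']))` branch is still built by concatenating `"iid = $item->iid"` fragments, so it is the one query in this hunk left out of the placeholder conversion. The ids come from the preceding SELECT rather than from the request, so this is a consistency and statement-size concern rather than a demonstrated injection, but it can be bound like the others and the fetch loop dropped: `db_query('DELETE FROM {aggregator_category_item} WHERE iid IN (SELECT iid FROM {aggregator_item} WHERE fid = ?)', $edit['fid']);`, assuming subqueries are acceptable on the supported databases. The same concatenation remains in `aggregator_remove()` and in the `iid IN (...)` expiry delete further down this file's diff.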
@@ -398,7 +398,7 @@
if (!empty($edit['category'])) {
foreach ($edit['category'] as $cid => $value) {
if ($value) {
- db_query('INSERT INTO {aggregator_category_feed} (fid, cid) VALUES (%d, %d)', $edit['fid'], $cid);
+ db_query('INSERT INTO {aggregator_category_feed} (fid, cid) VALUES (?, ?)', $edit['fid'], $cid);
}
}
}
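Review bot: `$cid` in the `{aggregator_category_feed}` insert is an array key of `$edit['category']`, and together with `$edit['fid']` it used to pass through `%d`, which forced the value to an integer before it reached the SQL string. With `?` the values are bound as given, so a non-numeric value is no longer reduced to 0, and what happens next depends on how the new `db_query()` binds and on the database's own coercion, neither of which is visible in this patch. If the layer does not infer integer types, cast at the call site, e.g. `db_query('INSERT INTO {aggregator_category_feed} (fid, cid) VALUES (?, ?)', (int) $edit['fid'], (int) $cid);`. The same applies to every `%d` that became `?` in this patch, for instance `weight`, `selected` and `cid` in the contact admin hunk. The enclosing function starts outside this hunk.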
@@ -406,15 +406,15 @@
}
function aggregator_remove($feed) {
- $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = %d', $feed['fid']);
+ $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = ?', $feed['fid']);
while ($item = db_fetch_object($result)) {
$items[] = "iid = $item->iid";
}
if (!empty($items)) {
db_query('DELETE FROM {aggregator_category_item} WHERE '. implode(' OR ', $items));
}
- db_query('DELETE FROM {aggregator_item} WHERE fid = %d', $feed['fid']);
- db_query("UPDATE {aggregator_feed} SET checked = 0, etag = '', modified = 0 WHERE fid = %d", $feed['fid']);
+ db_query('DELETE FROM {aggregator_item} WHERE fid = ?', $feed['fid']);
+ db_query("UPDATE {aggregator_feed} SET checked = 0, etag = '', modified = 0 WHERE fid = ?", $feed['fid']);
drupal_set_message(t('The news items from %site have been removed.', array('%site' => $feed['title'])));
}
@@ -552,7 +552,7 @@
// Process HTTP response code.
switch ($result->code) {
case 304:
- db_query('UPDATE {aggregator_feed} SET checked = %d WHERE fid = %d', time(), $feed['fid']);
+ db_query('UPDATE {aggregator_feed} SET checked = ? WHERE fid = ?', time(), $feed['fid']);
drupal_set_message(t('There is no new syndicated content from %site.', array('%site' => $feed['title'])));
break;
case 301:
@@ -596,7 +596,7 @@
** Update the feed data:
*/
- db_query("UPDATE {aggregator_feed} SET url = '%s', checked = %d, link = '%s', description = '%s', image = '%s', etag = '%s', modified = %d WHERE fid = %d", $feed['url'], time(), $channel['LINK'], $channel['DESCRIPTION'], $image, $etag, $modified, $feed['fid']);
+ db_query("UPDATE {aggregator_feed} SET url = ?, checked = ?, link = ?, description = ?, image = ?, etag = ?, modified = ? WHERE fid = ?", $feed['url'], time(), $channel['LINK'], $channel['DESCRIPTION'], $image, $etag, $modified, $feed['fid']);
/*
** Clear the cache:
@@ -759,13 +759,13 @@
*/
if (!empty($guid)) {
- $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND guid = '%s'", $feed['fid'], $guid));
+ $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = ? AND guid = ?", $feed['fid'], $guid));
}
else if ($link && $link != $feed['link'] && $link != $feed['url']) {
- $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND link = '%s'", $feed['fid'], $link));
+ $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = ? AND link = ?", $feed['fid'], $link));
}
else {
- $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND title = '%s'", $feed['fid'], $title));
+ $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = ? AND title = ?", $feed['fid'], $title));
}
$item += array('AUTHOR' => '', 'DESCRIPTION' => '');
aggregator_save_item(array('iid' => (isset($entry->iid) ? $entry->iid: ''), 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION'], 'guid' => $guid));
@@ -776,7 +776,7 @@
*/
$age = time() - variable_get('aggregator_clear', 9676800);
- $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = %d AND timestamp < %d', $feed['fid'], $age);
+ $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = ? AND timestamp < ?', $feed['fid'], $age);
$items = array();
$num_rows = FALSE;
@@ -786,7 +786,7 @@
}
if ($num_rows) {
db_query('DELETE FROM {aggregator_category_item} WHERE iid IN ('. implode(', ', $items) .')');
- db_query('DELETE FROM {aggregator_item} WHERE fid = %d AND timestamp < %d', $feed['fid'], $age);
+ db_query('DELETE FROM {aggregator_item} WHERE fid = ? AND timestamp < ?', $feed['fid'], $age);
}
return 1;
@@ -794,19 +794,19 @@
function aggregator_save_item($edit) {
if ($edit['iid'] && $edit['title']) {
- db_query("UPDATE {aggregator_item} SET title = '%s', link = '%s', author = '%s', description = '%s', guid = '%s', timestamp = %d WHERE iid = %d", $edit['title'], $edit['link'], $edit['author'], $edit['description'], $edit['guid'], $edit['timestamp'], $edit['iid']);
+ db_query("UPDATE {aggregator_item} SET title = ?, link = ?, author = ?, description = ?, guid = ?, timestamp = ? WHERE iid = ?", $edit['title'], $edit['link'], $edit['author'], $edit['description'], $edit['guid'], $edit['timestamp'], $edit['iid']);
}
else if ($edit['iid']) {
- db_query('DELETE FROM {aggregator_item} WHERE iid = %d', $edit['iid']);
- db_query('DELETE FROM {aggregator_category_item} WHERE iid = %d', $edit['iid']);
+ db_query('DELETE FROM {aggregator_item} WHERE iid = ?', $edit['iid']);
+ db_query('DELETE FROM {aggregator_category_item} WHERE iid = ?', $edit['iid']);
}
else if ($edit['title'] && $edit['link']) {
- db_query("INSERT INTO {aggregator_item} (fid, title, link, author, description, timestamp, guid) VALUES (%d, '%s', '%s', '%s', '%s', %d, '%s')", $edit['fid'], $edit['title'], $edit['link'], $edit['author'], $edit['description'], $edit['timestamp'], $edit['guid']);
+ db_query("INSERT INTO {aggregator_item} (fid, title, link, author, description, timestamp, guid) VALUES (?, ?, ?, ?, ?, ?, ?)", $edit['fid'], $edit['title'], $edit['link'], $edit['author'], $edit['description'], $edit['timestamp'], $edit['guid']);
$edit['iid'] = db_last_insert_id('aggregator_item', 'iid');
// file the items in the categories indicated by the feed
- $categories = db_query('SELECT cid FROM {aggregator_category_feed} WHERE fid = %d', $edit['fid']);
+ $categories = db_query('SELECT cid FROM {aggregator_category_feed} WHERE fid = ?', $edit['fid']);
while ($category = db_fetch_object($categories)) {
- db_query('INSERT INTO {aggregator_category_item} (cid, iid) VALUES (%d, %d)', $category->cid, $edit['iid']);
+ db_query('INSERT INTO {aggregator_category_item} (cid, iid) VALUES (?, ?)', $category->cid, $edit['iid']);
}
}
}
@@ -814,7 +814,7 @@
function aggregator_feed_load($fid) {
static $feeds;
if (!isset($feeds[$fid])) {
- $feeds[$fid] = db_fetch_array(db_query('SELECT * FROM {aggregator_feed} WHERE fid = %d', $fid));
+ $feeds[$fid] = db_fetch_array(db_query('SELECT * FROM {aggregator_feed} WHERE fid = ?', $fid));
}
return $feeds[$fid];
}
@@ -822,7 +822,7 @@
function aggregator_category_load($cid) {
static $categories;
if (!isset($categories[$cid])) {
- $categories[$cid] = db_fetch_array(db_query('SELECT * FROM {aggregator_category} WHERE cid = %d', $cid));
+ $categories[$cid] = db_fetch_array(db_query('SELECT * FROM {aggregator_category} WHERE cid = ?', $cid));
}
return $categories[$cid];
}
Index: modules/taxonomy/taxonomy.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.pages.inc,v
retrieving revision 1.2
diff -u -r1.2 taxonomy.pages.inc
--- modules/taxonomy/taxonomy.pages.inc 27 Sep 2007 16:52:00 -0000 1.2
+++ modules/taxonomy/taxonomy.pages.inc 5 Oct 2007 07:23:50 -0000
@@ -80,7 +80,7 @@
$last_string = trim(array_pop($array));
$matches = array();
if ($last_string != '') {
- $result = db_query_range(db_rewrite_sql("SELECT t.tid, t.name FROM {term_data} t WHERE t.vid = %d AND LOWER(t.name) LIKE LOWER('%%%s%%')", 't', 'tid'), $vid, $last_string, 0, 10);
+ $result = db_query_range(db_rewrite_sql("SELECT t.tid, t.name FROM {term_data} t WHERE t.vid = ? AND LOWER(t.name) LIKE LOWER('%%%s%%')", 't', 'tid'), $vid, $last_string, 0, 10);
$prefix = count($array) ? implode(', ', $array) .', ' : '';
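Review bot: The converted autocomplete query mixes both placeholder styles: `t.vid = ?` is new-style, while `LIKE LOWER('%%%s%%')` still relies on printf-style substitution of `$last_string`. If the new `db_query_range()` no longer expands `%s`, the typed string is never bound and the argument count no longer matches the placeholders; if it still does, this is the one user-typed value in the hunk left on the old escaping path. Bind it like the rest by moving the wildcards into the argument: `... AND LOWER(t.name) LIKE LOWER(?)", 't', 'tid'), $vid, '%'. $last_string .'%', 0, 10);`. Note that `%` and `_` typed by the user will still act as LIKE wildcards unless they are escaped. The enclosing function starts and ends outside this hunk.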
Index: modules/taxonomy/taxonomy.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.module,v
retrieving revision 1.384
diff -u -r1.384 taxonomy.module
--- modules/taxonomy/taxonomy.module 2 Oct 2007 16:15:56 -0000 1.384
+++ modules/taxonomy/taxonomy.module 5 Oct 2007 07:23:50 -0000
@@ -171,9 +171,9 @@
if (!empty($edit['vid']) && !empty($edit['name'])) {
drupal_write_record('vocabulary', $edit, 'vid');
- db_query("DELETE FROM {vocabulary_node_types} WHERE vid = %d", $edit['vid']);
+ db_query("DELETE FROM {vocabulary_node_types} WHERE vid = ?", $edit['vid']);
foreach ($edit['nodes'] as $type => $selected) {
- db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (%d, '%s')", $edit['vid'], $type);
+ db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (?, ?)", $edit['vid'], $type);
}
module_invoke_all('taxonomy', 'update', 'vocabulary', $edit);
$status = SAVED_UPDATED;
@@ -184,7 +184,7 @@
else {
drupal_write_record('vocabulary', $edit);
foreach ($edit['nodes'] as $type => $selected) {
- db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (%d, '%s')", $edit['vid'], $type);
+ db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (?, ?)", $edit['vid'], $type);
}
module_invoke_all('taxonomy', 'insert', 'vocabulary', $edit);
$status = SAVED_NEW;
@@ -206,9 +206,9 @@
function taxonomy_del_vocabulary($vid) {
$vocabulary = (array) taxonomy_vocabulary_load($vid);
- db_query('DELETE FROM {vocabulary} WHERE vid = %d', $vid);
- db_query('DELETE FROM {vocabulary_node_types} WHERE vid = %d', $vid);
- $result = db_query('SELECT tid FROM {term_data} WHERE vid = %d', $vid);
+ db_query('DELETE FROM {vocabulary} WHERE vid = ?', $vid);
+ db_query('DELETE FROM {vocabulary_node_types} WHERE vid = ?', $vid);
+ $result = db_query('SELECT tid FROM {term_data} WHERE vid = ?', $vid);
while ($term = db_fetch_object($result)) {
taxonomy_del_term($term->tid);
}
@@ -247,16 +247,16 @@
$status = SAVED_NEW;
}
- db_query('DELETE FROM {term_relation} WHERE tid1 = %d OR tid2 = %d', $form_values['tid'], $form_values['tid']);
+ db_query('DELETE FROM {term_relation} WHERE tid1 = ? OR tid2 = ?', $form_values['tid'], $form_values['tid']);
if (!empty($form_values['relations'])) {
foreach ($form_values['relations'] as $related_id) {
if ($related_id != 0) {
- db_query('INSERT INTO {term_relation} (tid1, tid2) VALUES (%d, %d)', $form_values['tid'], $related_id);
+ db_query('INSERT INTO {term_relation} (tid1, tid2) VALUES (?, ?)', $form_values['tid'], $related_id);
}
}
}
- db_query('DELETE FROM {term_hierarchy} WHERE tid = %d', $form_values['tid']);
+ db_query('DELETE FROM {term_hierarchy} WHERE tid = ?', $form_values['tid']);
if (!isset($form_values['parent']) || empty($form_values['parent'])) {
$form_values['parent'] = array(0);
}
@@ -264,23 +264,23 @@
foreach ($form_values['parent'] as $parent) {
if (is_array($parent)) {
foreach ($parent as $tid) {
- db_query('INSERT INTO {term_hierarchy} (tid, parent) VALUES (%d, %d)', $form_values['tid'], $tid);
+ db_query('INSERT INTO {term_hierarchy} (tid, parent) VALUES (?, ?)', $form_values['tid'], $tid);
}
}
else {
- db_query('INSERT INTO {term_hierarchy} (tid, parent) VALUES (%d, %d)', $form_values['tid'], $parent);
+ db_query('INSERT INTO {term_hierarchy} (tid, parent) VALUES (?, ?)', $form_values['tid'], $parent);
}
}
}
else {
- db_query('INSERT INTO {term_hierarchy} (tid, parent) VALUES (%d, %d)', $form_values['tid'], $form_values['parent']);
+ db_query('INSERT INTO {term_hierarchy} (tid, parent) VALUES (?, ?)', $form_values['tid'], $form_values['parent']);
}
- db_query('DELETE FROM {term_synonym} WHERE tid = %d', $form_values['tid']);
+ db_query('DELETE FROM {term_synonym} WHERE tid = ?', $form_values['tid']);
if (!empty($form_values['synonyms'])) {
foreach (explode ("\n", str_replace("\r", '', $form_values['synonyms'])) as $synonym) {
if ($synonym) {
- db_query("INSERT INTO {term_synonym} (tid, name) VALUES (%d, '%s')", $form_values['tid'], chop($synonym));
+ db_query("INSERT INTO {term_synonym} (tid, name) VALUES (?, ?)", $form_values['tid'], chop($synonym));
}
}
}
@@ -320,11 +320,11 @@
$term = (array) taxonomy_get_term($tid);
- db_query('DELETE FROM {term_data} WHERE tid = %d', $tid);
- db_query('DELETE FROM {term_hierarchy} WHERE tid = %d', $tid);
- db_query('DELETE FROM {term_relation} WHERE tid1 = %d OR tid2 = %d', $tid, $tid);
- db_query('DELETE FROM {term_synonym} WHERE tid = %d', $tid);
- db_query('DELETE FROM {term_node} WHERE tid = %d', $tid);
+ db_query('DELETE FROM {term_data} WHERE tid = ?', $tid);
+ db_query('DELETE FROM {term_hierarchy} WHERE tid = ?', $tid);
+ db_query('DELETE FROM {term_relation} WHERE tid1 = ? OR tid2 = ?', $tid, $tid);
+ db_query('DELETE FROM {term_synonym} WHERE tid = ?', $tid);
+ db_query('DELETE FROM {term_node} WHERE tid = ?', $tid);
module_invoke_all('taxonomy', 'delete', 'term', $term);
}
@@ -380,7 +380,7 @@
*/
function taxonomy_get_vocabularies($type = NULL) {
if ($type) {
- $result = db_query(db_rewrite_sql("SELECT v.vid, v.*, n.type FROM {vocabulary} v LEFT JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = '%s' ORDER BY v.weight, v.name", 'v', 'vid'), $type);
+ $result = db_query(db_rewrite_sql("SELECT v.vid, v.*, n.type FROM {vocabulary} v LEFT JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = ? ORDER BY v.weight, v.name", 'v', 'vid'), $type);
}
else {
$result = db_query(db_rewrite_sql('SELECT v.*, n.type FROM {vocabulary} v LEFT JOIN {vocabulary_node_types} n ON v.vid = n.vid ORDER BY v.weight, v.name', 'v', 'vid'));
@@ -420,7 +420,7 @@
$terms = $node->taxonomy;
}
- $c = db_query(db_rewrite_sql("SELECT v.* FROM {vocabulary} v INNER JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = '%s' ORDER BY v.weight, v.name", 'v', 'vid'), $node->type);
+ $c = db_query(db_rewrite_sql("SELECT v.* FROM {vocabulary} v INNER JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = ? ORDER BY v.weight, v.name", 'v', 'vid'), $node->type);
while ($vocabulary = db_fetch_object($c)) {
if ($vocabulary->tags) {
@@ -474,7 +474,7 @@
* Find all terms associated with the given node, within one vocabulary.
*/
function taxonomy_node_get_terms_by_vocabulary($node, $vid, $key = 'tid') {
- $result = db_query(db_rewrite_sql('SELECT t.tid, t.* FROM {term_data} t INNER JOIN {term_node} r ON r.tid = t.tid WHERE t.vid = %d AND r.vid = %d ORDER BY weight', 't', 'tid'), $vid, $node->vid);
+ $result = db_query(db_rewrite_sql('SELECT t.tid, t.* FROM {term_data} t INNER JOIN {term_node} r ON r.tid = t.tid WHERE t.vid = ? AND r.vid = ? ORDER BY weight', 't', 'tid'), $vid, $node->vid);
$terms = array();
while ($term = db_fetch_object($result)) {
$terms[$term->$key] = $term;
@@ -489,7 +489,7 @@
static $terms;
if (!isset($terms[$node->vid][$key])) {
- $result = db_query(db_rewrite_sql('SELECT t.* FROM {term_node} r INNER JOIN {term_data} t ON r.tid = t.tid INNER JOIN {vocabulary} v ON t.vid = v.vid WHERE r.vid = %d ORDER BY v.weight, t.weight, t.name', 't', 'tid'), $node->vid);
+ $result = db_query(db_rewrite_sql('SELECT t.* FROM {term_node} r INNER JOIN {term_data} t ON r.tid = t.tid INNER JOIN {vocabulary} v ON t.vid = v.vid WHERE r.vid = ? ORDER BY v.weight, t.weight, t.name', 't', 'tid'), $node->vid);
$terms[$node->vid][$key] = array();
while ($term = db_fetch_object($result)) {
$terms[$node->vid][$key][$term->$key] = $term;
@@ -553,7 +553,7 @@
// Defend against duplicate, differently cased tags
if (!isset($inserted[$typed_term_tid])) {
- db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (%d, %d, %d)', $node->nid, $node->vid, $typed_term_tid);
+ db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (?, ?, ?)', $node->nid, $node->vid, $typed_term_tid);
$inserted[$typed_term_tid] = TRUE;
}
}
@@ -565,15 +565,15 @@
if (is_array($term)) {
foreach ($term as $tid) {
if ($tid) {
- db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (%d, %d, %d)', $node->nid, $node->vid, $tid);
+ db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (?, ?, ?)', $node->nid, $node->vid, $tid);
}
}
}
else if (is_object($term)) {
- db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (%d, %d, %d)', $node->nid, $node->vid, $term->tid);
+ db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (?, ?, ?)', $node->nid, $node->vid, $term->tid);
}
else if ($term) {
- db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (%d, %d, %d)', $node->nid, $node->vid, $term);
+ db_query('INSERT INTO {term_node} (nid, vid, tid) VALUES (?, ?, ?)', $node->nid, $node->vid, $term);
}
}
}
@@ -583,14 +583,14 @@
* Remove associations of a node to its terms.
*/
function taxonomy_node_delete($node) {
- db_query('DELETE FROM {term_node} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {term_node} WHERE nid = ?', $node->nid);
}
/**
* Remove associations of a node to its terms.
*/
function taxonomy_node_delete_revision($node) {
- db_query('DELETE FROM {term_node} WHERE vid = %d', $node->vid);
+ db_query('DELETE FROM {term_node} WHERE vid = ?', $node->vid);
}
/**
@@ -598,10 +598,10 @@
*/
function taxonomy_node_type($op, $info) {
if ($op == 'update' && !empty($info->old_type) && $info->type != $info->old_type) {
- db_query("UPDATE {vocabulary_node_types} SET type = '%s' WHERE type = '%s'", $info->type, $info->old_type);
+ db_query("UPDATE {vocabulary_node_types} SET type = ? WHERE type = ?", $info->type, $info->old_type);
}
elseif ($op == 'delete') {
- db_query("DELETE FROM {vocabulary_node_types} WHERE type = '%s'", $info->type);
+ db_query("DELETE FROM {vocabulary_node_types} WHERE type = ?", $info->type);
}
}
@@ -610,7 +610,7 @@
*/
function taxonomy_get_related($tid, $key = 'tid') {
if ($tid) {
- $result = db_query('SELECT t.*, tid1, tid2 FROM {term_relation}, {term_data} t WHERE (t.tid = tid1 OR t.tid = tid2) AND (tid1 = %d OR tid2 = %d) AND t.tid != %d ORDER BY weight, name', $tid, $tid, $tid);
+ $result = db_query('SELECT t.*, tid1, tid2 FROM {term_relation}, {term_data} t WHERE (t.tid = tid1 OR t.tid = tid2) AND (tid1 = ? OR tid2 = ?) AND t.tid != ? ORDER BY weight, name', $tid, $tid, $tid);
$related = array();
while ($term = db_fetch_object($result)) {
$related[$term->$key] = $term;
@@ -627,7 +627,7 @@
*/
function taxonomy_get_parents($tid, $key = 'tid') {
if ($tid) {
- $result = db_query(db_rewrite_sql('SELECT t.tid, t.* FROM {term_data} t INNER JOIN {term_hierarchy} h ON h.parent = t.tid WHERE h.tid = %d ORDER BY weight, name', 't', 'tid'), $tid);
+ $result = db_query(db_rewrite_sql('SELECT t.tid, t.* FROM {term_data} t INNER JOIN {term_hierarchy} h ON h.parent = t.tid WHERE h.tid = ? ORDER BY weight, name', 't', 'tid'), $tid);
$parents = array();
while ($parent = db_fetch_object($result)) {
$parents[$parent->$key] = $parent;
@@ -660,10 +660,10 @@
*/
function taxonomy_get_children($tid, $vid = 0, $key = 'tid') {
if ($vid) {
- $result = db_query(db_rewrite_sql('SELECT t.* FROM {term_data} t INNER JOIN {term_hierarchy} h ON h.tid = t.tid WHERE t.vid = %d AND h.parent = %d ORDER BY weight, name', 't', 'tid'), $vid, $tid);
+ $result = db_query(db_rewrite_sql('SELECT t.* FROM {term_data} t INNER JOIN {term_hierarchy} h ON h.tid = t.tid WHERE t.vid = ? AND h.parent = ? ORDER BY weight, name', 't', 'tid'), $vid, $tid);
}
else {
- $result = db_query(db_rewrite_sql('SELECT t.* FROM {term_data} t INNER JOIN {term_hierarchy} h ON h.tid = t.tid WHERE parent = %d ORDER BY weight, name', 't', 'tid'), $tid);
+ $result = db_query(db_rewrite_sql('SELECT t.* FROM {term_data} t INNER JOIN {term_hierarchy} h ON h.tid = t.tid WHERE parent = ? ORDER BY weight, name', 't', 'tid'), $tid);
}
$children = array();
while ($term = db_fetch_object($result)) {
@@ -703,7 +703,7 @@
if (!isset($children[$vid])) {
$children[$vid] = array();
- $result = db_query(db_rewrite_sql('SELECT t.tid, t.*, parent FROM {term_data} t INNER JOIN {term_hierarchy} h ON t.tid = h.tid WHERE t.vid = %d ORDER BY weight, name', 't', 'tid'), $vid);
+ $result = db_query(db_rewrite_sql('SELECT t.tid, t.*, parent FROM {term_data} t INNER JOIN {term_hierarchy} h ON t.tid = h.tid WHERE t.vid = ? ORDER BY weight, name', 't', 'tid'), $vid);
while ($term = db_fetch_object($result)) {
$children[$vid][$term->parent][] = $term->tid;
$parents[$vid][$term->tid][] = $term->parent;
@@ -739,7 +739,7 @@
function taxonomy_get_synonyms($tid) {
if ($tid) {
$synonyms = array();
- $result = db_query('SELECT name FROM {term_synonym} WHERE tid = %d', $tid);
+ $result = db_query('SELECT name FROM {term_synonym} WHERE tid = ?', $tid);
while ($synonym = db_fetch_array($result)) {
$synonyms[] = $synonym['name'];
}
@@ -754,7 +754,7 @@
* Return the term object that has the given string as a synonym.
*/
function taxonomy_get_synonym_root($synonym) {
- return db_fetch_object(db_query("SELECT * FROM {term_synonym} s, {term_data} t WHERE t.tid = s.tid AND s.name = '%s'", $synonym));
+ return db_fetch_object(db_query("SELECT * FROM {term_synonym} s, {term_data} t WHERE t.tid = s.tid AND s.name = ?", $synonym));
}
/**
@@ -780,7 +780,7 @@
$result = db_query(db_rewrite_sql('SELECT t.tid, COUNT(n.nid) AS c FROM {term_node} t INNER JOIN {node} n ON t.vid = n.vid WHERE n.status = 1 GROUP BY t.tid'));
}
else {
- $result = db_query(db_rewrite_sql("SELECT t.tid, COUNT(n.nid) AS c FROM {term_node} t INNER JOIN {node} n ON t.vid = n.vid WHERE n.status = 1 AND n.type = '%s' GROUP BY t.tid"), $type);
+ $result = db_query(db_rewrite_sql("SELECT t.tid, COUNT(n.nid) AS c FROM {term_node} t INNER JOIN {node} n ON t.vid = n.vid WHERE n.status = 1 AND n.type = ? GROUP BY t.tid"), $type);
}
while ($term = db_fetch_object($result)) {
$count[$type][$term->tid] = $term->c;
@@ -830,7 +830,7 @@
* An array of matching term objects.
*/
function taxonomy_get_term_by_name($name) {
- $db_result = db_query(db_rewrite_sql("SELECT t.tid, t.* FROM {term_data} t WHERE LOWER(t.name) LIKE LOWER('%s')", 't', 'tid'), trim($name));
+ $db_result = db_query(db_rewrite_sql("SELECT t.tid, t.* FROM {term_data} t WHERE LOWER(t.name) LIKE LOWER(?)", 't', 'tid'), trim($name));
$result = array();
while ($term = db_fetch_object($db_result)) {
$result[] = $term;
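Review bot: `taxonomy_get_term_by_name()` binds `trim($name)` straight into `LIKE LOWER(?)`, so any `%` or `_` in the name is treated as a wildcard and the lookup can return terms that do not carry that name. The visible docblock fragment speaks of matching term objects for a name, which reads as a case-insensitive equality test; if that is the intent, use `WHERE LOWER(t.name) = LOWER(?)`. If pattern matching is wanted, say so in the docblock and escape wildcards in names that must be matched literally. The function body continues outside this hunk.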
@@ -853,7 +853,7 @@
static $vocabularies = array();
if (!array_key_exists($vid, $vocabularies)) {
- $result = db_query('SELECT v.*, n.type FROM {vocabulary} v LEFT JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE v.vid = %d', $vid);
+ $result = db_query('SELECT v.*, n.type FROM {vocabulary} v LEFT JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE v.vid = ?', $vid);
$node_types = array();
while ($voc = db_fetch_object($result)) {
if (!empty($voc->type)) {
@@ -881,7 +881,7 @@
static $terms = array();
if (!isset($terms[$tid])) {
- $terms[$tid] = db_fetch_object(db_query('SELECT * FROM {term_data} WHERE tid = %d', $tid));
+ $terms[$tid] = db_fetch_object(db_query('SELECT * FROM {term_data} WHERE tid = ?', $tid));
}
return $terms[$tid];
Index: modules/taxonomy/taxonomy.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.admin.inc,v
retrieving revision 1.5
diff -u -r1.5 taxonomy.admin.inc
--- modules/taxonomy/taxonomy.admin.inc 2 Oct 2007 16:15:56 -0000 1.5
+++ modules/taxonomy/taxonomy.admin.inc 5 Oct 2007 07:23:50 -0000
@@ -180,7 +180,7 @@
if ($vocabulary->tags) {
// We are not calling taxonomy_get_tree because that might fail with a big
// number of tags in the freetagging vocabulary.
- $results = pager_query(db_rewrite_sql('SELECT t.*, h.parent FROM {term_data} t INNER JOIN {term_hierarchy} h ON t.tid = h.tid WHERE t.vid = %d ORDER BY weight, name', 't', 'tid'), $page_increment, 0, NULL, $vocabulary->vid);
+ $results = pager_query(db_rewrite_sql('SELECT t.*, h.parent FROM {term_data} t INNER JOIN {term_hierarchy} h ON t.tid = h.tid WHERE t.vid = ? ORDER BY weight, name', 't', 'tid'), $page_increment, 0, NULL, $vocabulary->vid);
while ($term = db_fetch_object($results)) {
$rows[] = array(
l($term->name, "taxonomy/term/$term->tid"),
Index: modules/contact/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v
retrieving revision 1.97
diff -u -r1.97 contact.module
--- modules/contact/contact.module 16 Jul 2007 06:37:49 -0000 1.97
+++ modules/contact/contact.module 5 Oct 2007 07:23:48 -0000
@@ -124,7 +124,7 @@
* Load the data for a single contact category.
*/
function contact_load($cid) {
- $contact = db_fetch_array(db_query("SELECT * FROM {contact} WHERE cid = %d", $cid));
+ $contact = db_fetch_array(db_query("SELECT * FROM {contact} WHERE cid = ?", $cid));
return empty($contact) ? FALSE : $contact;
}
Index: modules/contact/contact.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact/contact.admin.inc,v
retrieving revision 1.2
diff -u -r1.2 contact.admin.inc
--- modules/contact/contact.admin.inc 16 Jul 2007 12:43:05 -0000 1.2
+++ modules/contact/contact.admin.inc 5 Oct 2007 07:23:48 -0000
@@ -110,13 +110,13 @@
}
$form_state['values']['recipients'] = implode(',', $recipients);
if (empty($form_state['values']['cid']) || $form_state['values']['contact_op'] == 'add') {
- db_query("INSERT INTO {contact} (category, recipients, reply, weight, selected) VALUES ('%s', '%s', '%s', %d, %d)", $form_state['values']['category'], $form_state['values']['recipients'], $form_state['values']['reply'], $form_state['values']['weight'], $form_state['values']['selected']);
+ db_query("INSERT INTO {contact} (category, recipients, reply, weight, selected) VALUES (?, ?, ?, ?, ?)", $form_state['values']['category'], $form_state['values']['recipients'], $form_state['values']['reply'], $form_state['values']['weight'], $form_state['values']['selected']);
drupal_set_message(t('Category %category has been added.', array('%category' => $form_state['values']['category'])));
watchdog('mail', 'Contact form: category %category added.', array('%category' => $form_state['values']['category']), WATCHDOG_NOTICE, l(t('view'), 'admin/build/contact'));
}
else {
- db_query("UPDATE {contact} SET category = '%s', recipients = '%s', reply = '%s', weight = %d, selected = %d WHERE cid = %d", $form_state['values']['category'], $form_state['values']['recipients'], $form_state['values']['reply'], $form_state['values']['weight'], $form_state['values']['selected'], $form_state['values']['cid']);
+ db_query("UPDATE {contact} SET category = ?, recipients = ?, reply = ?, weight = ?, selected = ? WHERE cid = ?", $form_state['values']['category'], $form_state['values']['recipients'], $form_state['values']['reply'], $form_state['values']['weight'], $form_state['values']['selected'], $form_state['values']['cid']);
drupal_set_message(t('Category %category has been updated.', array('%category' => $form_state['values']['category'])));
watchdog('mail', 'Contact form: category %category updated.', array('%category' => $form_state['values']['category']), WATCHDOG_NOTICE, l(t('view'), 'admin/build/contact'));
}
@@ -143,7 +143,7 @@
*/
function contact_admin_delete_submit($form, &$form_state) {
$contact = $form_state['values']['contact'];
- db_query("DELETE FROM {contact} WHERE cid = %d", $contact['cid']);
+ db_query("DELETE FROM {contact} WHERE cid = ?", $contact['cid']);
drupal_set_message(t('Category %category has been deleted.', array('%category' => $contact['category'])));
watchdog('mail', 'Contact form: category %category deleted.', array('%category' => $contact['category']), WATCHDOG_NOTICE);
Index: modules/upload/upload.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload/upload.module,v
retrieving revision 1.182
diff -u -r1.182 upload.module
--- modules/upload/upload.module 12 Sep 2007 18:29:32 -0000 1.182
+++ modules/upload/upload.module 5 Oct 2007 07:23:50 -0000
@@ -149,7 +149,7 @@
return -1;
}
$file = file_create_path($file);
- $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $file);
+ $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = ?", $file);
if ($file = db_fetch_object($result)) {
return array(
'Content-Type: '. $file->filemime,
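Review bot: The result of `file_create_path($file)` is bound to `filepath = ?` without being checked, and that function returns FALSE for a path it rejects. Under the old `'%s'` form FALSE became an empty string that matched no row; how the new layer binds a boolean is not visible here, and on a database that loosely compares a text column with a numeric 0 the condition could match unrelated rows. Since this looks like the download access check, guard before the query, e.g. `if ($file === FALSE) { return -1; }`, or whichever deny value the surrounding function is meant to return. The function starts and ends outside this hunk.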
@@ -390,13 +390,13 @@
// Remove file. Process removals first since no further processing
// will be required.
if (!empty($file->remove)) {
- db_query('DELETE FROM {upload} WHERE fid = %d AND vid = %d', $fid, $node->vid);
+ db_query('DELETE FROM {upload} WHERE fid = ? AND vid = ?', $fid, $node->vid);
// If the file isn't used by any other revisions delete it.
- $count = db_result(db_query('SELECT COUNT(fid) FROM {upload} WHERE fid = %d', $fid));
+ $count = db_result(db_query('SELECT COUNT(fid) FROM {upload} WHERE fid = ?', $fid));
if ($count < 1) {
file_delete($file->filepath);
- db_query('DELETE FROM {files} WHERE fid = %d', $fid);
+ db_query('DELETE FROM {files} WHERE fid = ?', $fid);
}
// Remove it from the session in the case of new uploads,
@@ -408,12 +408,12 @@
// Create a new revision, or associate a new file needed.
if (!empty($node->old_vid) || isset($_SESSION['upload_files'][$fid])) {
- db_query("INSERT INTO {upload} (fid, nid, vid, list, description) VALUES (%d, %d, %d, %d, '%s')", $file->fid, $node->nid, $node->vid, $file->list, $file->description);
+ db_query("INSERT INTO {upload} (fid, nid, vid, list, description) VALUES (?, ?, ?, ?, ?)", $file->fid, $node->nid, $node->vid, $file->list, $file->description);
file_set_status($file, FILE_STATUS_PERMANENT);
}
// Update existing revision.
else {
- db_query("UPDATE {upload} SET list = %d, description = '%s' WHERE fid = %d AND vid = %d", $file->list, $file->description, $file->fid, $node->vid);
+ db_query("UPDATE {upload} SET list = ?, description = ? WHERE fid = ? AND vid = ?", $file->list, $file->description, $file->fid, $node->vid);
file_set_status($file, FILE_STATUS_PERMANENT);
}
}
@@ -424,37 +424,37 @@
function upload_delete($node) {
$files = array();
- $result = db_query('SELECT DISTINCT f.* FROM {upload} u INNER JOIN {files} f ON u.fid = f.fid WHERE u.nid = %d', $node->nid);
+ $result = db_query('SELECT DISTINCT f.* FROM {upload} u INNER JOIN {files} f ON u.fid = f.fid WHERE u.nid = ?', $node->nid);
while ($file = db_fetch_object($result)) {
$files[$file->fid] = $file;
}
foreach ($files as $fid => $file) {
// Delete all files associated with the node
- db_query('DELETE FROM {files} WHERE fid = %d', $fid);
+ db_query('DELETE FROM {files} WHERE fid = ?', $fid);
file_delete($file->filepath);
}
// Delete all file revision information associated with the node
- db_query('DELETE FROM {upload} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {upload} WHERE nid = ?', $node->nid);
}
function upload_delete_revision($node) {
if (is_array($node->files)) {
foreach ($node->files as $file) {
// Check if the file will be used after this revision is deleted
- $count = db_result(db_query('SELECT COUNT(fid) FROM {upload} WHERE fid = %d', $file->fid));
+ $count = db_result(db_query('SELECT COUNT(fid) FROM {upload} WHERE fid = ?', $file->fid));
// if the file won't be used, delete it
if ($count < 2) {
- db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);
+ db_query('DELETE FROM {files} WHERE fid = ?', $file->fid);
file_delete($file->filepath);
}
}
}
// delete the revision
- db_query('DELETE FROM {upload} WHERE vid = %d', $node->vid);
+ db_query('DELETE FROM {upload} WHERE vid = ?', $node->vid);
}
function _upload_form($node) {
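Review bot: `upload_delete()` removes the `{files}` row before calling `file_delete($file->filepath)` and ignores its result, and `upload_delete_revision()` does the same, so a failed unlink leaves the attachment on disk with no database record pointing at it. The removal branch in the previous hunk deletes the file first and the row second; following that order here and keeping the row when deletion fails, e.g. `if (file_delete($file->filepath)) { db_query('DELETE FROM {files} WHERE fid = ?', $fid); }`, keeps the paths consistent and leaves a trace of anything that could not be removed. In `upload_delete_revision()` the `$count < 2` test also runs before this revision's `{upload}` row is deleted, which deserves a one-line comment explaining why the threshold is 2 rather than 1.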
@@ -542,7 +542,7 @@
$files = array();
if ($node->vid) {
- $result = db_query('SELECT * FROM {files} f INNER JOIN {upload} r ON f.fid = r.fid WHERE r.vid = %d ORDER BY f.fid', $node->vid);
+ $result = db_query('SELECT * FROM {files} f INNER JOIN {upload} r ON f.fid = r.fid WHERE r.vid = ? ORDER BY f.fid', $node->vid);
while ($file = db_fetch_object($result)) {
$files[$file->fid] = $file;
}
Index: modules/block/block.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/block/block.module,v
retrieving revision 1.278
diff -u -r1.278 block.module
--- modules/block/block.module 27 Sep 2007 16:52:00 -0000 1.278
+++ modules/block/block.module 5 Oct 2007 07:23:46 -0000
@@ -198,7 +198,7 @@
break;
case 'view':
- $block = db_fetch_object(db_query('SELECT body, format FROM {boxes} WHERE bid = %d', $delta));
+ $block = db_fetch_object(db_query('SELECT body, format FROM {boxes} WHERE bid = ?', $delta));
$data['content'] = check_markup($block->body, $block->format, FALSE);
return $data;
}
@@ -215,7 +215,7 @@
init_theme();
- $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s'", $theme_key);
+ $result = db_query("SELECT * FROM {blocks} WHERE theme = ?", $theme_key);
while ($old_block = db_fetch_object($result)) {
$old_blocks[$old_block->module][$old_block->delta] = $old_block;
}
@@ -258,7 +258,7 @@
db_lock_table('blocks');
// Remove all blocks from table.
- db_query("DELETE FROM {blocks} WHERE theme = '%s'", $theme_key);
+ db_query("DELETE FROM {blocks} WHERE theme = ?", $theme_key);
// Reinsert new set of blocks into table.
foreach ($blocks as $block) {
@@ -266,7 +266,7 @@
'visibility' => NULL,
'throttle' => NULL,
);
- db_query("INSERT INTO {blocks} (module, delta, theme, status, weight, region, visibility, pages, custom, throttle, title, cache) VALUES ('%s', '%s', '%s', %d, %d, '%s', %d, '%s', %d, %d, '%s', %d)", $block['module'], $block['delta'], $theme_key, $block['status'], $block['weight'], $block['region'], $block['visibility'], $block['pages'], $block['custom'], $block['throttle'], $block['title'], $block['cache']);
+ db_query("INSERT INTO {blocks} (module, delta, theme, status, weight, region, visibility, pages, custom, throttle, title, cache) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $block['module'], $block['delta'], $theme_key, $block['status'], $block['weight'], $block['region'], $block['visibility'], $block['pages'], $block['custom'], $block['throttle'], $block['title'], $block['cache']);
}
db_unlock_tables();
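Review bot: The context lines just above the new `INSERT INTO {blocks}` show `'visibility' => NULL` and `'throttle' => NULL`, and both values are now passed to `?` slots that used to be `%d`. The old format turned a NULL into `0`, while a bound NULL presumably reaches the database as SQL NULL, which would fail or store NULL if those columns are declared NOT NULL (the schema is not visible here). Casting at the call site keeps the previous behaviour: `(int) $block['visibility']` and `(int) $block['throttle']`. The enclosing function starts and ends outside the hunk.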
@@ -274,7 +274,7 @@
}
function block_box_get($bid) {
- return db_fetch_array(db_query("SELECT bx.*, bl.title FROM {boxes} bx INNER JOIN {blocks} bl ON bx.bid = bl.delta WHERE bl.module = 'block' AND bx.bid = %d", $bid));
+ return db_fetch_array(db_query("SELECT bx.*, bl.title FROM {boxes} bx INNER JOIN {blocks} bl ON bx.bid = bl.delta WHERE bl.module = 'block' AND bx.bid = ?", $bid));
}
/**
@@ -316,7 +316,7 @@
$edit['format'] = FILTER_FORMAT_DEFAULT;
}
- db_query("UPDATE {boxes} SET body = '%s', info = '%s', format = %d WHERE bid = %d", $edit['body'], $edit['info'], $edit['format'], $delta);
+ db_query("UPDATE {boxes} SET body = ?, info = ?, format = ? WHERE bid = ?", $edit['body'], $edit['info'], $edit['format'], $delta);
return TRUE;
}
@@ -381,7 +381,7 @@
if (!count($blocks)) {
$rids = array_keys($user->roles);
- $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (". db_placeholders($rids) .") OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), array_merge(array($theme_key), $rids));
+ $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = ? AND b.status = 1 AND (r.rid IN (". db_placeholders($rids) .") OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), array_merge(array($theme_key), $rids));
while ($block = db_fetch_object($result)) {
if (!isset($blocks[$block->region])) {
$blocks[$block->region] = array();
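Review bot: The new query binds `b.theme = ?` but still builds the `r.rid IN (...)` list with `db_placeholders($rids)`, whose output is not shown in this hunk. If that helper still emits `%d` markers, the statement mixes two placeholder syntaxes and the role ids are either left unbound or substituted by a different code path than the theme key. It would help to confirm that `db_placeholders()` is converted in the same patch, and to add a comment such as `// db_placeholders() returns one "?" per role id.` so the next reader does not have to check. The enclosing function starts and ends outside the hunk.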
Index: modules/block/block.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/block/block.admin.inc,v
retrieving revision 1.8
diff -u -r1.8 block.admin.inc
--- modules/block/block.admin.inc 1 Sep 2007 05:31:09 -0000 1.8
+++ modules/block/block.admin.inc 5 Oct 2007 07:23:46 -0000
@@ -66,7 +66,7 @@
foreach ($form_state['values'] as $block) {
$block['status'] = $block['region'] != BLOCK_REGION_NONE;
$block['region'] = $block['status'] ? $block['region'] : '';
- db_query("UPDATE {blocks} SET status = %d, weight = %d, region = '%s', throttle = %d WHERE module = '%s' AND delta = '%s' AND theme = '%s'", $block['status'], $block['weight'], $block['region'], isset($block['throttle']) ? $block['throttle'] : 0, $block['module'], $block['delta'], $block['theme']);
+ db_query("UPDATE {blocks} SET status = ?, weight = ?, region = ?, throttle = ? WHERE module = ? AND delta = ? AND theme = ?", $block['status'], $block['weight'], $block['region'], isset($block['throttle']) ? $block['throttle'] : 0, $block['module'], $block['delta'], $block['theme']);
}
drupal_set_message(t('The block settings have been updated.'));
cache_clear_all();
@@ -103,7 +103,7 @@
$form['module'] = array('#type' => 'value', '#value' => $module);
$form['delta'] = array('#type' => 'value', '#value' => $delta);
- $edit = db_fetch_array(db_query("SELECT pages, visibility, custom, title FROM {blocks} WHERE module = '%s' AND delta = '%s'", $module, $delta));
+ $edit = db_fetch_array(db_query("SELECT pages, visibility, custom, title FROM {blocks} WHERE module = ? AND delta = ?", $module, $delta));
$form['block_settings'] = array(
'#type' => 'fieldset',
@@ -153,7 +153,7 @@
// Role-based visibility settings
$default_role_options = array();
- $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
+ $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = ? AND delta = ?", $module, $delta);
while ($role = db_fetch_object($result)) {
$default_role_options[] = $role->rid;
}
@@ -219,7 +219,7 @@
function block_admin_configure_validate($form, &$form_state) {
if ($form_state['values']['module'] == 'block') {
- if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE bid != %d AND info = '%s'", $form_state['values']['delta'], $form_state['values']['info']))) {
+ if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE bid != ? AND info = ?", $form_state['values']['delta'], $form_state['values']['info']))) {
form_set_error('info', t('Please ensure that each block description is unique.'));
}
}
@@ -227,10 +227,10 @@
function block_admin_configure_submit($form, &$form_state) {
if (!form_get_errors()) {
- db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d, title = '%s' WHERE module = '%s' AND delta = '%s'", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $form_state['values']['delta']);
- db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_state['values']['module'], $form_state['values']['delta']);
+ db_query("UPDATE {blocks} SET visibility = ?, pages = ?, custom = ?, title = ? WHERE module = ? AND delta = ?", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $form_state['values']['delta']);
+ db_query("DELETE FROM {blocks_roles} WHERE module = ? AND delta = ?", $form_state['values']['module'], $form_state['values']['delta']);
foreach (array_filter($form_state['values']['roles']) as $rid) {
- db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_state['values']['module'], $form_state['values']['delta']);
+ db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (?, ?, ?)", $rid, $form_state['values']['module'], $form_state['values']['delta']);
}
module_invoke($form_state['values']['module'], 'block', 'save', $form_state['values']['delta'], $form_state['values']);
drupal_set_message(t('The block configuration has been saved.'));
@@ -248,7 +248,7 @@
}
function block_add_block_form_validate($form, &$form_state) {
- if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE info = '%s'", $form_state['values']['info']))) {
+ if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE info = ?", $form_state['values']['info']))) {
form_set_error('info', t('Please ensure that each block description is unique.'));
}
}
@@ -257,17 +257,17 @@
* Save the new custom block.
*/
function block_add_block_form_submit($form, &$form_state) {
- db_query("INSERT INTO {boxes} (body, info, format) VALUES ('%s', '%s', %d)", $form_state['values']['body'], $form_state['values']['info'], $form_state['values']['format']);
+ db_query("INSERT INTO {boxes} (body, info, format) VALUES (?, ?, ?)", $form_state['values']['body'], $form_state['values']['info'], $form_state['values']['format']);
$delta = db_last_insert_id('boxes', 'bid');
foreach (list_themes() as $key => $theme) {
if ($theme->status) {
- db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, %d, %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
+ db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
}
}
foreach (array_filter($form_state['values']['roles']) as $rid) {
- db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_state['values']['module'], $delta);
+ db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (?, ?, ?)", $rid, $form_state['values']['module'], $delta);
}
drupal_set_message(t('The block has been created.'));
@@ -292,8 +292,8 @@
* Deletion of custom blocks.
*/
function block_box_delete_submit($form, &$form_state) {
- db_query('DELETE FROM {boxes} WHERE bid = %d', $form_state['values']['bid']);
- db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = %d", $form_state['values']['bid']);
+ db_query('DELETE FROM {boxes} WHERE bid = ?', $form_state['values']['bid']);
+ db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = ?", $form_state['values']['bid']);
drupal_set_message(t('The block %name has been removed.', array('%name' => $form_state['values']['info'])));
cache_clear_all();
$form_state['redirect'] = 'admin/build/block';
Index: modules/statistics/statistics.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.pages.inc,v
retrieving revision 1.1
diff -u -r1.1 statistics.pages.inc
--- modules/statistics/statistics.pages.inc 23 Aug 2007 16:34:44 -0000 1.1
+++ modules/statistics/statistics.pages.inc 5 Oct 2007 07:23:49 -0000
@@ -15,7 +15,7 @@
array('data' => t('User'), 'field' => 'u.name'),
array('data' => t('Operations')));
- $result = pager_query('SELECT a.aid, a.timestamp, a.url, a.uid, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE a.path LIKE \'node/%d%%\''. tablesort_sql($header), 30, 0, NULL, $node->nid);
+ $result = pager_query('SELECT a.aid, a.timestamp, a.url, a.uid, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE a.path LIKE \'node/?%%\''. tablesort_sql($header), 30, 0, NULL, $node->nid);
$rows = array();
while ($log = db_fetch_object($result)) {
$rows[] = array(
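Review bot: The `?` on the new `pager_query()` line sits inside the quoted literal `'node/?%%'`, where a prepared-statement driver reads it as an ordinary question mark and not as a bind marker, so `$node->nid` has no slot to bind to and the LIKE no longer filters on this node. The database layer is not visible here, so this assumes `?` is a real bind marker; in that case the whole pattern should be the bound value: `WHERE a.path LIKE ?` with the argument `'node/'. $node->nid .'%'`. The same construction appears in modules/menu/menu.module in the hunks at -307 and -319 (`link_path = 'node/?'`), where the clause should be `link_path = ?` with the argument `'node/'. $node->nid`. The enclosing function starts and ends outside the hunk.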
@@ -47,7 +47,7 @@
array('data' => t('Page'), 'field' => 'path'),
array('data' => t('Operations')));
- $result = pager_query('SELECT aid, timestamp, path, title FROM {accesslog} WHERE uid = %d'. tablesort_sql($header), 30, 0, NULL, $account->uid);
+ $result = pager_query('SELECT aid, timestamp, path, title FROM {accesslog} WHERE uid = ?'. tablesort_sql($header), 30, 0, NULL, $account->uid);
$rows = array();
while ($log = db_fetch_object($result)) {
$rows[] = array(
Index: modules/statistics/statistics.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.admin.inc,v
retrieving revision 1.1
diff -u -r1.1 statistics.admin.inc
--- modules/statistics/statistics.admin.inc 23 Aug 2007 16:34:44 -0000 1.1
+++ modules/statistics/statistics.admin.inc 5 Oct 2007 07:23:49 -0000
@@ -137,7 +137,7 @@
* Menu callback; Displays recent page accesses.
*/
function statistics_access_log($aid) {
- $result = db_query('SELECT a.*, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE aid = %d', $aid);
+ $result = db_query('SELECT a.*, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE aid = ?', $aid);
if ($access = db_fetch_object($result)) {
$rows[] = array(
array('data' => t('URL'), 'header' => TRUE),
Index: modules/statistics/statistics.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.module,v
retrieving revision 1.266
diff -u -r1.266 statistics.module
--- modules/statistics/statistics.module 23 Aug 2007 16:34:44 -0000 1.266
+++ modules/statistics/statistics.module 5 Oct 2007 07:23:49 -0000
@@ -58,17 +58,17 @@
// We are counting content views.
if ((arg(0) == 'node') && is_numeric(arg(1)) && arg(2) == '') {
// A node has been viewed, so update the node's counters.
- db_query('UPDATE {node_counter} SET daycount = daycount + 1, totalcount = totalcount + 1, timestamp = %d WHERE nid = %d', time(), arg(1));
+ $result = db_query('UPDATE {node_counter} SET daycount = daycount + 1, totalcount = totalcount + 1, timestamp = ? WHERE nid = ?', time(), arg(1));
// If we affected 0 rows, this is the first time viewing the node.
- if (!db_affected_rows()) {
+ if (!db_affected_rows($result)) {
// We must create a new row to store counters for the new node.
- db_query('INSERT INTO {node_counter} (nid, daycount, totalcount, timestamp) VALUES (%d, 1, 1, %d)', arg(1), time());
+ db_query('INSERT INTO {node_counter} (nid, daycount, totalcount, timestamp) VALUES (?, 1, 1, ?)', arg(1), time());
}
}
}
if ((variable_get('statistics_enable_access_log', 0)) && (module_invoke('throttle', 'status') == 0)) {
// Log this page access.
- db_query("INSERT INTO {accesslog} (title, path, url, hostname, uid, sid, timer, timestamp) values('%s', '%s', '%s', '%s', %d, '%s', %d, %d)", strip_tags(drupal_get_title()), $_GET['q'], referer_uri(), ip_address(), $user->uid, session_id(), timer_read('page'), time());
+ db_query("INSERT INTO {accesslog} (title, path, url, hostname, uid, sid, timer, timestamp) values(?, ?, ?, ?, ?, ?, ?, ?)", strip_tags(drupal_get_title()), $_GET['q'], referer_uri(), ip_address(), $user->uid, session_id(), timer_read('page'), time());
}
}
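Review bot: Replacing `%d` with `?` on the `{node_counter}` UPDATE and INSERT drops the integer cast that the old format applied to `arg(1)`, and the only guard left is `is_numeric()`, which also accepts values such as `1.5` or `1e3`. `arg(1)` comes from the request path, so whatever passes that check is now handed to the driver unchanged, and how it is coerced for the `nid` column depends on the backend, which is not visible here. Casting once before both statements restores the old guarantee: `$nid = (int) arg(1);` and pass `$nid` to both calls. The enclosing function starts outside the hunk.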
@@ -176,7 +176,7 @@
*/
function statistics_user($op, &$edit, &$user) {
if ($op == 'delete') {
- db_query('UPDATE {accesslog} SET uid = 0 WHERE uid = %d', $user->uid);
+ db_query('UPDATE {accesslog} SET uid = 0 WHERE uid = ?', $user->uid);
}
}
@@ -193,7 +193,7 @@
}
/* clean expired access logs */
- db_query('DELETE FROM {accesslog} WHERE timestamp < %d', time() - variable_get('statistics_flush_accesslog_timer', 259200));
+ db_query('DELETE FROM {accesslog} WHERE timestamp < ?', time() - variable_get('statistics_flush_accesslog_timer', 259200));
}
/**
@@ -234,7 +234,7 @@
if ($nid > 0) {
/* retrieves an array with both totalcount and daycount */
- $statistics = db_fetch_array(db_query('SELECT totalcount, daycount, timestamp FROM {node_counter} WHERE nid = %d', $nid));
+ $statistics = db_fetch_array(db_query('SELECT totalcount, daycount, timestamp FROM {node_counter} WHERE nid = ?', $nid));
}
return $statistics;
@@ -320,6 +320,6 @@
switch ($op) {
case 'delete':
// clean up statistics table when node is deleted
- db_query('DELETE FROM {node_counter} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {node_counter} WHERE nid = ?', $node->nid);
}
}
Index: modules/menu/menu.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu/menu.module,v
retrieving revision 1.144
diff -u -r1.144 menu.module
--- modules/menu/menu.module 20 Sep 2007 08:41:33 -0000 1.144
+++ modules/menu/menu.module 5 Oct 2007 07:23:48 -0000
@@ -170,7 +170,7 @@
$link['mlid'] = 0;
$link['link_title'] = $menu['title'];
$link['link_path'] = 'admin/build/menu-customize/'. $menu['menu_name'];
- if (!db_result(db_query("SELECT mlid FROM {menu_links} WHERE link_path = '%s' AND plid = %d", $link['link_path'], $link['plid']))) {
+ if (!db_result(db_query("SELECT mlid FROM {menu_links} WHERE link_path = ? AND plid = ?", $link['link_path'], $link['plid']))) {
menu_link_save($link);
}
}
@@ -188,7 +188,7 @@
* Load the data for a single custom menu.
*/
function menu_load($menu_name) {
- return db_fetch_array(db_query("SELECT * FROM {menu_custom} WHERE menu_name = '%s'", $menu_name));
+ return db_fetch_array(db_query("SELECT * FROM {menu_custom} WHERE menu_name = ?", $menu_name));
}
/**
@@ -307,7 +307,7 @@
break;
case 'delete':
// Delete all menu module links that point to this node.
- $result = db_query("SELECT mlid FROM {menu_links} WHERE link_path = 'node/%d' AND module = 'menu'", $node->nid);
+ $result = db_query("SELECT mlid FROM {menu_links} WHERE link_path = 'node/?' AND module = 'menu'", $node->nid);
while ($m = db_fetch_array($result)) {
menu_link_delete($m['mlid']);
}
@@ -319,10 +319,10 @@
$item = array();
if (isset($node->nid)) {
// Give priority to the default menu
- $mlid = db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE link_path = 'node/%d' AND menu_name = '%s' AND module = 'menu' ORDER BY mlid ASC", $node->nid, $menu_name, 0, 1));
+ $mlid = db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE link_path = 'node/?' AND menu_name = ? AND module = 'menu' ORDER BY mlid ASC", $node->nid, $menu_name, 0, 1));
// Check all menus if a link does not exist in the default menu.
if (!$mlid) {
- $mlid = db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE link_path = 'node/%d' AND module = 'menu' ORDER BY mlid ASC", $node->nid, 0, 1));
+ $mlid = db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE link_path = 'node/?' AND module = 'menu' ORDER BY mlid ASC", $node->nid, 0, 1));
}
if ($mlid) {
$item = menu_link_load($mlid);
@@ -433,7 +433,7 @@
$system_menus = menu_list_system_menus();
$sql = 'SELECT * FROM {menu_custom}';
if (!$all) {
- $sql .= ' WHERE menu_name NOT IN ('. implode(',', array_fill(0, count($system_menus), "'%s'")) .')';
+ $sql .= ' WHERE menu_name NOT IN ('. implode(',', array_fill(0, count($system_menus), "?")) .')';
}
$sql .= ' ORDER BY title';
$result = db_query($sql, $system_menus);
@@ -459,7 +459,7 @@
}
elseif (preg_match('/\/\%/', $path)) {
// Path is dynamic (ie 'user/%'), so check directly against menu_router table.
- if ($item = db_fetch_array(db_query("SELECT * FROM {menu_router} where path = '%s' ", $path))) {
+ if ($item = db_fetch_array(db_query("SELECT * FROM {menu_router} where path = ? ", $path))) {
$item['link_path'] = $form_item['link_path'];
$item['link_title'] = $form_item['link_title'];
$item['external'] = FALSE;
Index: modules/menu/menu.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu/menu.install,v
retrieving revision 1.6
diff -u -r1.6 menu.install
--- modules/menu/menu.install 20 Aug 2007 18:18:15 -0000 1.6
+++ modules/menu/menu.install 5 Oct 2007 07:23:48 -0000
@@ -7,9 +7,9 @@
function menu_install() {
// Create tables.
drupal_install_schema('menu');
- db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", 'navigation', 'Navigation', 'The navigation menu is provided by Drupal and is the main interactive menu for any site. It is usually the only menu that contains personalized links for authenticated users, and is often not even visible to anonymous users.');
- db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", 'primary-links', 'Primary links', 'Primary links are often used at the theme layer to show the major sections of a site. A typical representation for primary links would be tabs along the top.');
- db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", 'secondary-links', 'Secondary links', 'Secondary links are often used for pages like legal notices, contact details, and other secondary navigation items that play a lesser role than primary links');
+ db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, ?)", 'navigation', 'Navigation', 'The navigation menu is provided by Drupal and is the main interactive menu for any site. It is usually the only menu that contains personalized links for authenticated users, and is often not even visible to anonymous users.');
+ db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, ?)", 'primary-links', 'Primary links', 'Primary links are often used at the theme layer to show the major sections of a site. A typical representation for primary links would be tabs along the top.');
+ db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, ?)", 'secondary-links', 'Secondary links', 'Secondary links are often used for pages like legal notices, contact details, and other secondary navigation items that play a lesser role than primary links');
}
/**
Index: modules/menu/menu.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu/menu.admin.inc,v
retrieving revision 1.3
diff -u -r1.3 menu.admin.inc
--- modules/menu/menu.admin.inc 27 Sep 2007 16:59:54 -0000 1.3
+++ modules/menu/menu.admin.inc 5 Oct 2007 07:23:48 -0000
@@ -29,9 +29,9 @@
$sql ="
SELECT m.load_functions, m.to_arg_functions, m.access_callback, m.access_arguments, m.page_callback, m.page_arguments, m.title, m.title_callback, m.title_arguments, m.type, ml.*
FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path
- WHERE ml.menu_name = '%s'
+ WHERE ml.menu_name = ?
ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC";
- $sql_count = "SELECT COUNT(*) FROM {menu_links} ml WHERE menu_name = '%s'";
+ $sql_count = "SELECT COUNT(*) FROM {menu_links} ml WHERE menu_name = ?";
$result = pager_query($sql, 200, 0, $sql_count, $menu['menu_name']);
$tree = menu_tree_data($result);
$node_links = array();
@@ -327,7 +327,7 @@
function menu_delete_menu_confirm(&$form_state, $menu) {
$form['#menu'] = $menu;
$caption = '';
- $num_links = db_result(db_query("SELECT COUNT(*) FROM {menu_links} WHERE menu_name = '%s'", $menu['menu_name']));
+ $num_links = db_result(db_query("SELECT COUNT(*) FROM {menu_links} WHERE menu_name = ?", $menu['menu_name']));
if ($num_links) {
$caption .= ''. format_plural($num_links, 'Warning: There is currently 1 menu item in %title. It will be deleted (system-defined items will be reset).', 'Warning: There are currently @count menu items in %title. They will be deleted (system-defined items will be reset).', array('%title' => $menu['title'])) .'
';
}
@@ -342,25 +342,25 @@
$menu = $form['#menu'];
$form_state['redirect'] = 'admin/build/menu';
// System-defined menus may not be deleted - only menus defined by this module.
- if (in_array($menu['menu_name'], menu_list_system_menus()) || !db_result(db_query("SELECT COUNT(*) FROM {menu_custom} WHERE menu_name = '%s'", $menu['menu_name']))) {
+ if (in_array($menu['menu_name'], menu_list_system_menus()) || !db_result(db_query("SELECT COUNT(*) FROM {menu_custom} WHERE menu_name = ?", $menu['menu_name']))) {
return;
}
// Reset all the menu links defined by the system via hook_menu.
- $result = db_query("SELECT * FROM {menu_links} ml INNER JOIN {menu_router} m ON ml.router_path = m.path WHERE ml.menu_name = '%s' AND ml.module = 'system' ORDER BY m.number_parts ASC", $menu['menu_name']);
+ $result = db_query("SELECT * FROM {menu_links} ml INNER JOIN {menu_router} m ON ml.router_path = m.path WHERE ml.menu_name = ? AND ml.module = 'system' ORDER BY m.number_parts ASC", $menu['menu_name']);
while ($item = db_fetch_array($result)) {
menu_reset_item($item);
}
// Delete all links to the overview page for this menu.
- $result = db_query("SELECT mlid FROM {menu_links} ml WHERE ml.link_path = '%s'", 'admin/build/menu-customize/'. $menu['menu_name']);
+ $result = db_query("SELECT mlid FROM {menu_links} ml WHERE ml.link_path = ?", 'admin/build/menu-customize/'. $menu['menu_name']);
while ($m = db_fetch_array($result)) {
menu_link_delete($m['mlid']);
}
// Delete all the links in the menu and the menu from the list of custom menus.
- db_query("DELETE FROM {menu_links} WHERE menu_name = '%s'", $menu['menu_name']);
- db_query("DELETE FROM {menu_custom} WHERE menu_name = '%s'", $menu['menu_name']);
+ db_query("DELETE FROM {menu_links} WHERE menu_name = ?", $menu['menu_name']);
+ db_query("DELETE FROM {menu_custom} WHERE menu_name = ?", $menu['menu_name']);
// Delete all the blocks for this menu.
- db_query("DELETE FROM {blocks} WHERE module = 'menu' AND delta = '%s'", $menu['menu_name']);
- db_query("DELETE FROM {blocks_roles} WHERE module = 'menu' AND delta = '%s'", $menu['menu_name']);
+ db_query("DELETE FROM {blocks} WHERE module = 'menu' AND delta = ?", $menu['menu_name']);
+ db_query("DELETE FROM {blocks_roles} WHERE module = 'menu' AND delta = ?", $menu['menu_name']);
menu_cache_clear_all();
cache_clear_all();
$t_args = array('%title' => $menu['title']);
@@ -382,8 +382,8 @@
if ($form['#insert']) {
// We will add 'menu-' to the menu name to help avoid name-space conflicts.
$item['menu_name'] = 'menu-'. $item['menu_name'];
- if (db_result(db_query("SELECT menu_name FROM {menu_custom} WHERE menu_name = '%s'", $item['menu_name'])) ||
- db_result(db_query_range("SELECT menu_name FROM {menu_links} WHERE menu_name = '%s'", $item['menu_name'], 0, 1))) {
+ if (db_result(db_query("SELECT menu_name FROM {menu_custom} WHERE menu_name = ?", $item['menu_name'])) ||
+ db_result(db_query_range("SELECT menu_name FROM {menu_links} WHERE menu_name = ?", $item['menu_name'], 0, 1))) {
form_set_error('menu_name', t('The menu already exists.'));
}
}
@@ -402,13 +402,13 @@
$link['link_path'] = $path . $menu['menu_name'];
$link['router_path'] = $path .'%';
$link['module'] = 'menu';
- $link['plid'] = db_result(db_query("SELECT mlid FROM {menu_links} WHERE link_path = '%s' AND module = '%s'", 'admin/build/menu', 'system'));
+ $link['plid'] = db_result(db_query("SELECT mlid FROM {menu_links} WHERE link_path = ? AND module = ?", 'admin/build/menu', 'system'));
menu_link_save($link);
- db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", $menu['menu_name'], $menu['title'], $menu['description']);
+ db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES (?, ?, ?)", $menu['menu_name'], $menu['title'], $menu['description']);
}
else {
- db_query("UPDATE {menu_custom} SET title = '%s', description = '%s' WHERE menu_name = '%s'", $menu['title'], $menu['description'], $menu['menu_name']);
- $result = db_query("SELECT mlid FROM {menu_links} WHERE link_path = '%s'", $path . $menu['menu_name']);
+ db_query("UPDATE {menu_custom} SET title = ?, description = ? WHERE menu_name = ?", $menu['title'], $menu['description'], $menu['menu_name']);
+ $result = db_query("SELECT mlid FROM {menu_links} WHERE link_path = ?", $path . $menu['menu_name']);
while ($m = db_fetch_array($result)) {
$link = menu_link_load($m['mlid']);
$link['link_title'] = $menu['title'];
Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.78
diff -u -r1.78 install.php
--- install.php 28 Sep 2007 13:06:46 -0000 1.78
+++ install.php 5 Oct 2007 07:23:43 -0000
@@ -128,7 +128,7 @@
*/
function install_verify_drupal() {
// Read the variable manually using the @ so we don't trigger an error if it fails.
- $result = @db_query("SELECT value FROM {variable} WHERE name = '%s'", 'install_task');
+ $result = @db_query("SELECT value FROM {variable} WHERE name = ?", 'install_task');
if ($result) {
return unserialize(db_result($result));
}
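Review bot: The `@` in front of the new `db_query()` call silences only PHP warnings and notices, so it keeps the promise in the comment above it only if the reworked database layer still reports a failed query by returning FALSE. The layer is not visible in this hunk; if it now raises an exception when the `{variable}` table is missing, the `if ($result)` test is never reached and the installer stops here. Worth confirming, and if so replacing the suppression with an explicit `try { ... } catch (Exception $e) { ... }` around the query, with the comment updated to match. The rest of `install_verify_drupal()` lies outside the hunk.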
@@ -224,11 +224,6 @@
}
$db_types = drupal_detect_database_types();
- // If both 'mysql' and 'mysqli' are available, we disable 'mysql':
- if (isset($db_types['mysqli'])) {
- unset($db_types['mysql']);
- }
-
if (count($db_types) == 0) {
$form['no_db_types'] = array(
'#value' => st('Your web server does not appear to support any common database types. Check with your hosting provider to see if they offer any databases that Drupal supports.', array('@drupal-databases' => 'http://drupal.org/node/270#database')),
Index: update.php
===================================================================
RCS file: /cvs/drupal/drupal/update.php,v
retrieving revision 1.234
diff -u -r1.234 update.php
--- update.php 2 Oct 2007 08:41:13 -0000 1.234
+++ update.php 5 Oct 2007 07:23:43 -0000
@@ -505,7 +505,7 @@
foreach ($core_modules as $module) {
$old_path = "modules/$module.module";
$new_path = "modules/$module/$module.module";
- db_query("UPDATE {system} SET filename = '%s' WHERE filename = '%s'", $new_path, $old_path);
+ db_query("UPDATE {system} SET filename = ? WHERE filename = ?", $new_path, $old_path);
}
$row = db_fetch_object(db_query_range('SELECT * FROM {system}', 0, 1));
if (!isset($row->weight)) {
Index: modules/translation/translation.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/translation/translation.module,v
retrieving revision 1.13
diff -u -r1.13 translation.module
--- modules/translation/translation.module 5 Sep 2007 08:42:02 -0000 1.13
+++ modules/translation/translation.module 5 Oct 2007 07:23:50 -0000
@@ -253,19 +253,19 @@
else {
// Create new translation set, using nid from the source node.
$tnid = $node->translation_source->nid;
- db_query("UPDATE {node} SET tnid = %d, translate = %d WHERE nid = %d", $tnid, 0, $node->translation_source->nid);
+ db_query("UPDATE {node} SET tnid = ?, translate = ? WHERE nid = ?", $tnid, 0, $node->translation_source->nid);
}
- db_query("UPDATE {node} SET tnid = %d, translate = %d WHERE nid = %d", $tnid, 0, $node->nid);
+ db_query("UPDATE {node} SET tnid = ?, translate = ? WHERE nid = ?", $tnid, 0, $node->nid);
}
break;
case 'update':
if (isset($node->translation) && $node->translation && !empty($node->language) && $node->tnid) {
// Update translation information.
- db_query("UPDATE {node} SET tnid = %d, translate = %d WHERE nid = %d", $node->tnid, $node->translation['status'], $node->nid);
+ db_query("UPDATE {node} SET tnid = ?, translate = ? WHERE nid = ?", $node->tnid, $node->translation['status'], $node->nid);
if (!empty($node->translation['retranslate'])) {
// This is the source node, asking to mark all translations outdated.
- db_query("UPDATE {node} SET translate = 1 WHERE tnid = %d AND nid != %d", $node->tnid, $node->nid);
+ db_query("UPDATE {node} SET translate = 1 WHERE tnid = ? AND nid != ?", $node->tnid, $node->nid);
}
}
break;
@@ -282,18 +282,18 @@
*/
function translation_remove_from_set($node) {
if (isset($node->tnid)) {
- if (db_result(db_query('SELECT COUNT(*) FROM {node} WHERE tnid = %d', $node->tnid)) <= 2) {
+ if (db_result(db_query('SELECT COUNT(*) FROM {node} WHERE tnid = ?', $node->tnid)) <= 2) {
// There would only be one node left in the set: remove the set altogether.
- db_query('UPDATE {node} SET tnid = 0, translate = 0 WHERE tnid = %d', $node->tnid);
+ db_query('UPDATE {node} SET tnid = 0, translate = 0 WHERE tnid = ?', $node->tnid);
}
else {
- db_query('UPDATE {node} SET tnid = 0, translate = 0 WHERE nid = %d', $node->nid);
+ db_query('UPDATE {node} SET tnid = 0, translate = 0 WHERE nid = ?', $node->nid);
// If the node being removed was the source of the translation set,
// we pick a new source - preferably one that is up to date.
if ($node->tnid == $node->nid) {
- $new_tnid = db_result(db_query('SELECT nid FROM {node} WHERE tnid = %d ORDER BY translate ASC, nid ASC', $node->tnid));
- db_query('UPDATE {node} SET tnid = %d WHERE tnid = %d', $new_tnid, $node->tnid);
+ $new_tnid = db_result(db_query('SELECT nid FROM {node} WHERE tnid = ? ORDER BY translate ASC, nid ASC', $node->tnid));
+ db_query('UPDATE {node} SET tnid = ? WHERE tnid = ?', $new_tnid, $node->tnid);
}
}
}
@@ -318,7 +318,7 @@
if (is_numeric($tnid) && $tnid) {
if (!isset($translations[$tnid])) {
$translations[$tnid] = array();
- $result = db_query(db_rewrite_sql('SELECT nid, title, language FROM {node} WHERE tnid = %d'), $tnid);
+ $result = db_query(db_rewrite_sql('SELECT nid, title, language FROM {node} WHERE tnid = ?'), $tnid);
while ($node = db_fetch_object($result)) {
$translations[$tnid][$node->language] = $node;
}
Index: modules/tracker/tracker.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/tracker/tracker.pages.inc,v
retrieving revision 1.2
diff -u -r1.2 tracker.pages.inc
--- modules/tracker/tracker.pages.inc 2 Sep 2007 14:56:18 -0000 1.2
+++ modules/tracker/tracker.pages.inc 5 Oct 2007 07:23:50 -0000
@@ -34,9 +34,9 @@
// TODO: These queries are very expensive, see http://drupal.org/node/105639
if ($uid) {
- $sql = 'SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, GREATEST(n.changed, l.last_comment_timestamp) AS last_updated, l.comment_count FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = %d OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) ORDER BY last_updated DESC';
+ $sql = 'SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, GREATEST(n.changed, l.last_comment_timestamp) AS last_updated, l.comment_count FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = ? OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = ? OR c.uid = ?) ORDER BY last_updated DESC';
$sql = db_rewrite_sql($sql);
- $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = %d OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)';
+ $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = ? OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = ? OR c.uid = ?)';
$sql_count = db_rewrite_sql($sql_count);
$result = pager_query($sql, 25, 0, $sql_count, COMMENT_PUBLISHED, $uid, $uid);
}
Index: modules/blogapi/blogapi.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blogapi/blogapi.module,v
retrieving revision 1.108
diff -u -r1.108 blogapi.module
--- modules/blogapi/blogapi.module 5 Sep 2007 08:42:01 -0000 1.108
+++ modules/blogapi/blogapi.module 5 Oct 2007 07:23:46 -0000
@@ -322,10 +322,10 @@
$type = _blogapi_blogid($blogid);
if ($bodies) {
- $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = ? AND n.uid = ? ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
}
else {
- $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = ? AND n.uid = ? ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
}
$blogs = array();
while ($blog = db_fetch_object($result)) {
Index: modules/forum/forum.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/forum/forum.module,v
retrieving revision 1.419
diff -u -r1.419 forum.module
--- modules/forum/forum.module 10 Sep 2007 08:06:59 -0000 1.419
+++ modules/forum/forum.module 5 Oct 2007 07:23:48 -0000
@@ -70,7 +70,7 @@
* An associative array containing the term data or FALSE if the term cannot be loaded, or is not part of the forum vocabulary.
*/
function forum_term_load($tid) {
- $result = db_query(db_rewrite_sql('SELECT t.tid, t.vid, t.name, t.description, t.weight FROM {term_data} t WHERE t.tid = %d AND t.vid = %d', 't', 'tid'), $tid, variable_get('forum_nav_vocabulary', ''));
+ $result = db_query(db_rewrite_sql('SELECT t.tid, t.vid, t.name, t.description, t.weight FROM {term_data} t WHERE t.tid = ? AND t.vid = ?', 't', 'tid'), $tid, variable_get('forum_nav_vocabulary', ''));
return db_fetch_array($result);
}
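Review bot: In `forum_term_load()` the second argument is `variable_get('forum_nav_vocabulary', '')`, whose default is an empty string; `%d` turned that into `0` before it reached the SQL, while `?` passes it through as given. How the new `db_query()` binds an empty string is not visible here, but a database that is strict about types may reject `t.vid = ''` against an integer column instead of simply matching nothing. Casting at the call site keeps the old behaviour: `(int) variable_get('forum_nav_vocabulary', 0)`. The same default is passed to `db_query_range()` in the two block queries of the `@@ -402,14` hunk.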
@@ -223,7 +223,7 @@
$vocabulary = $vid;
$containers = variable_get('forum_containers', array());
foreach ($node->taxonomy as $term) {
- if (db_result(db_query('SELECT COUNT(*) FROM {term_data} WHERE tid = %d AND vid = %d', $term, $vocabulary))) {
+ if (db_result(db_query('SELECT COUNT(*) FROM {term_data} WHERE tid = ? AND vid = ?', $term, $vocabulary))) {
if (in_array($term, $containers)) {
$term = taxonomy_get_term($term);
form_set_error('taxonomy', t('The item %forum is only a container for forums. Please select one of the forums below it.', array('%forum' => $term->name)));
@@ -251,7 +251,7 @@
$node->tid = $term_id;
}
}
- $old_tid = db_result(db_query_range("SELECT t.tid FROM {term_node} t INNER JOIN {node} n ON t.vid = n.vid WHERE n.nid = %d ORDER BY t.vid DESC", $node->nid, 0, 1));
+ $old_tid = db_result(db_query_range("SELECT t.tid FROM {term_node} t INNER JOIN {node} n ON t.vid = n.vid WHERE n.nid = ? ORDER BY t.vid DESC", $node->nid, 0, 1));
if ($old_tid) {
if (($node->tid != $old_tid) && $node->shadow) {
// A shadow copy needs to be created. Retain new term and add old term.
@@ -262,18 +262,18 @@
break;
case 'update':
if (!$node->revision) {
- db_query('UPDATE {forum} SET tid = %d WHERE vid = %d', $node->tid, $node->vid);
+ db_query('UPDATE {forum} SET tid = ? WHERE vid = ?', $node->tid, $node->vid);
break;
}
// Deliberate no break -- for new revisions we need an insert.
case 'insert':
- db_query('INSERT INTO {forum} (tid, vid, nid) VALUES (%d, %d, %d)', $node->tid, $node->vid, $node->nid);
+ db_query('INSERT INTO {forum} (tid, vid, nid) VALUES (?, ?, ?)', $node->tid, $node->vid, $node->nid);
break;
case 'delete':
- db_query('DELETE FROM {forum} WHERE nid = %d', $node->nid);
+ db_query('DELETE FROM {forum} WHERE nid = ?', $node->nid);
break;
case 'load':
- return db_fetch_object(db_query('SELECT tid AS forum_tid FROM {forum} WHERE vid = %d', $node->vid));
+ return db_fetch_object(db_query('SELECT tid AS forum_tid FROM {forum} WHERE vid = ?', $node->vid));
}
return;
@@ -324,7 +324,7 @@
if ($op == 'delete' && $term['vid'] == variable_get('forum_nav_vocabulary', '')) {
switch ($type) {
case 'term':
- $results = db_query('SELECT tn.nid FROM {term_node} tn WHERE tn.tid = %d', $term['tid']);
+ $results = db_query('SELECT tn.nid FROM {term_node} tn WHERE tn.tid = ?', $term['tid']);
while ($node = db_fetch_object($results)) {
// node_delete will also remove any association with non-forum vocabularies.
node_delete($node->nid);
@@ -371,7 +371,7 @@
* Implementation of hook_load().
*/
function forum_load($node) {
- $forum = db_fetch_object(db_query('SELECT * FROM {term_node} WHERE vid = %d', $node->vid));
+ $forum = db_fetch_object(db_query('SELECT * FROM {term_node} WHERE vid = ?', $node->vid));
return $forum;
}
@@ -402,14 +402,14 @@
switch ($delta) {
case 0:
$title = t('Active forum topics');
- $sql = db_rewrite_sql("SELECT n.nid, n.title, l.comment_count, l.last_comment_timestamp FROM {node} n INNER JOIN {term_node} tn ON tn.nid = n.nid INNER JOIN {term_data} td ON td.tid = tn.tid INNER JOIN {node_comment_statistics} l ON n.nid = l.nid WHERE n.status = 1 AND td.vid = %d ORDER BY l.last_comment_timestamp DESC");
+ $sql = db_rewrite_sql("SELECT n.nid, n.title, l.comment_count, l.last_comment_timestamp FROM {node} n INNER JOIN {term_node} tn ON tn.nid = n.nid INNER JOIN {term_data} td ON td.tid = tn.tid INNER JOIN {node_comment_statistics} l ON n.nid = l.nid WHERE n.status = 1 AND td.vid = ? ORDER BY l.last_comment_timestamp DESC");
$result = db_query_range($sql, variable_get('forum_nav_vocabulary', ''), 0, variable_get('forum_block_num_0', '5'));
$content = node_title_list($result);
break;
case 1:
$title = t('New forum topics');
- $sql = db_rewrite_sql("SELECT n.nid, n.title, l.comment_count FROM {node} n INNER JOIN {term_node} tn ON tn.nid = n.nid INNER JOIN {term_data} td ON td.tid = tn.tid INNER JOIN {node_comment_statistics} l ON n.nid = l.nid WHERE n.status = 1 AND td.vid = %d ORDER BY n.nid DESC");
+ $sql = db_rewrite_sql("SELECT n.nid, n.title, l.comment_count FROM {node} n INNER JOIN {term_node} tn ON tn.nid = n.nid INNER JOIN {term_data} td ON td.tid = tn.tid INNER JOIN {node_comment_statistics} l ON n.nid = l.nid WHERE n.status = 1 AND td.vid = ? ORDER BY n.nid DESC");
$result = db_query_range($sql, variable_get('forum_nav_vocabulary', ''), 0, variable_get('forum_block_num_1', '5'));
$content = node_title_list($result);
break;
@@ -511,7 +511,7 @@
// This query does not use full ANSI syntax since MySQL 3.x does not support
// table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria
// used to join node_comment_statistics to users.
- $sql = "SELECT ncs.last_comment_timestamp, IF (ncs.last_comment_uid != 0, u2.name, ncs.last_comment_name) AS last_comment_name, ncs.last_comment_uid FROM {node} n INNER JOIN {users} u1 ON n.uid = u1.uid INNER JOIN {term_node} tn ON n.vid = tn.vid INNER JOIN {node_comment_statistics} ncs ON n.nid = ncs.nid INNER JOIN {users} u2 ON ncs.last_comment_uid=u2.uid WHERE n.status = 1 AND tn.tid = %d ORDER BY ncs.last_comment_timestamp DESC";
+ $sql = "SELECT ncs.last_comment_timestamp, IF (ncs.last_comment_uid != 0, u2.name, ncs.last_comment_name) AS last_comment_name, ncs.last_comment_uid FROM {node} n INNER JOIN {users} u1 ON n.uid = u1.uid INNER JOIN {term_node} tn ON n.vid = tn.vid INNER JOIN {node_comment_statistics} ncs ON n.nid = ncs.nid INNER JOIN {users} u2 ON ncs.last_comment_uid=u2.uid WHERE n.status = 1 AND tn.tid = ? ORDER BY ncs.last_comment_timestamp DESC";
$sql = db_rewrite_sql($sql);
$topic = db_fetch_object(db_query_range($sql, $forum->tid, 0, 1));
@@ -534,7 +534,7 @@
* than NODE_NEW_LIMIT.
*/
function _forum_topics_unread($term, $uid) {
- $sql = "SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid AND tn.tid = %d LEFT JOIN {history} h ON n.nid = h.nid AND h.uid = %d WHERE n.status = 1 AND n.created > %d AND h.nid IS NULL";
+ $sql = "SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid AND tn.tid = ? LEFT JOIN {history} h ON n.nid = h.nid AND h.uid = ? WHERE n.status = 1 AND n.created > ? AND h.nid IS NULL";
$sql = db_rewrite_sql($sql);
return db_result(db_query($sql, $term, $uid, NODE_NEW_LIMIT));
}
@@ -559,11 +559,11 @@
$term = taxonomy_get_term($tid);
- $sql = db_rewrite_sql("SELECT n.nid, r.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid != 0, cu.name, l.last_comment_name) AS last_comment_name, l.last_comment_uid, l.comment_count AS num_comments, f.tid AS forum_tid FROM {node_comment_statistics} l INNER JOIN {node} n ON n.nid = l.nid INNER JOIN {users} cu ON l.last_comment_uid = cu.uid INNER JOIN {term_node} r ON n.vid = r.vid INNER JOIN {users} u ON n.uid = u.uid INNER JOIN {forum} f ON n.vid = f.vid WHERE n.status = 1 AND r.tid = %d");
+ $sql = db_rewrite_sql("SELECT n.nid, r.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid != 0, cu.name, l.last_comment_name) AS last_comment_name, l.last_comment_uid, l.comment_count AS num_comments, f.tid AS forum_tid FROM {node_comment_statistics} l INNER JOIN {node} n ON n.nid = l.nid INNER JOIN {users} cu ON l.last_comment_uid = cu.uid INNER JOIN {term_node} r ON n.vid = r.vid INNER JOIN {users} u ON n.uid = u.uid INNER JOIN {forum} f ON n.vid = f.vid WHERE n.status = 1 AND r.tid = ?");
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
$sql .= ', n.created DESC'; // Always add a secondary sort order so that the news forum topics are on top.
- $sql_count = db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = %d WHERE n.status = 1");
+ $sql_count = db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = ? WHERE n.status = 1");
$result = pager_query($sql, $forum_per_page, 0, $sql_count, $tid);
$topics = array();
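Review bot: The `ORDER BY` text appended by `tablesort_sql($forum_topic_list_header, 'n.sticky DESC,')` and `', n.created DESC'` is still string-concatenated, so the move to `?` covers only `r.tid`. A comment above the two `$sql .=` lines should say so, for example `// ORDER BY is concatenated, not bound: it may only contain columns defined in $forum_topic_list_header.` Whether `tablesort_sql()` restricts the sort field to the header's columns cannot be confirmed from this hunk. The `_forum_get_topic_order_sql(variable_get('forum_order', 1))` concatenation in the `@@ -871,7` hunk deserves the same comment. The enclosing function starts and ends outside the hunk.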
@@ -604,7 +604,7 @@
function _forum_new($tid) {
global $user;
- $sql = "SELECT n.nid FROM {node} n LEFT JOIN {history} h ON n.nid = h.nid AND h.uid = %d INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = %d WHERE n.status = 1 AND h.nid IS NULL AND n.created > %d ORDER BY created";
+ $sql = "SELECT n.nid FROM {node} n LEFT JOIN {history} h ON n.nid = h.nid AND h.uid = ? INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = ? WHERE n.status = 1 AND h.nid IS NULL AND n.created > ? ORDER BY created";
$sql = db_rewrite_sql($sql);
$nid = db_result(db_query_range($sql, $user->uid, $tid, NODE_NEW_LIMIT, 0, 1));
@@ -871,7 +871,7 @@
$output = '';
// get previous and next topic
- $sql = "SELECT n.nid, n.title, n.sticky, l.comment_count, l.last_comment_timestamp FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = %d WHERE n.status = 1 ORDER BY n.sticky DESC, ". _forum_get_topic_order_sql(variable_get('forum_order', 1));
+ $sql = "SELECT n.nid, n.title, n.sticky, l.comment_count, l.last_comment_timestamp FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = ? WHERE n.status = 1 ORDER BY n.sticky DESC, ". _forum_get_topic_order_sql(variable_get('forum_order', 1));
$result = db_query(db_rewrite_sql($sql), isset($variables['node']->tid) ? $variables['node']->tid : 0);
$stop = $variables['prev'] = $variables['next'] = 0;
@@ -912,7 +912,7 @@
static $history = array();
if (empty($history)) {
- $result = db_query('SELECT nid, timestamp FROM {history} WHERE uid = %d', $user->uid);
+ $result = db_query('SELECT nid, timestamp FROM {history} WHERE uid = ?', $user->uid);
while ($t = db_fetch_object($result)) {
$history[$t->nid] = $t->timestamp > NODE_NEW_LIMIT ? $t->timestamp : NODE_NEW_LIMIT;
}
Index: modules/trigger/trigger.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/trigger/trigger.module,v
retrieving revision 1.2
diff -u -r1.2 trigger.module
--- modules/trigger/trigger.module 26 Sep 2007 18:19:22 -0000 1.2
+++ modules/trigger/trigger.module 5 Oct 2007 07:23:50 -0000
@@ -97,7 +97,7 @@
if (in_array($module, array('node', 'comment', 'user', 'system', 'taxonomy'))) {
continue;
}
- $info = db_result(db_query("SELECT info FROM {system} WHERE name = '%s'", $module));
+ $info = db_result(db_query("SELECT info FROM {system} WHERE name = ?", $module));
$info = unserialize($info);
$nice_name = $info['name'];
$items["admin/build/trigger/$module"] = array(
@@ -144,10 +144,10 @@
function _trigger_get_hook_actions($hook, $op, $type = NULL) {
$actions = array();
if ($type) {
- $result = db_query("SELECT h.aid, a.description FROM {trigger_assignments} h LEFT JOIN {actions} a on a.aid = h.aid WHERE a.type = '%s' AND h.hook = '%s' AND h.op = '%s' ORDER BY h.weight", $type, $hook, $op);
+ $result = db_query("SELECT h.aid, a.description FROM {trigger_assignments} h LEFT JOIN {actions} a on a.aid = h.aid WHERE a.type = ? AND h.hook = ? AND h.op = ? ORDER BY h.weight", $type, $hook, $op);
}
else {
- $result = db_query("SELECT h.aid, a.description FROM {trigger_assignments} h LEFT JOIN {actions} a on a.aid = h.aid WHERE h.hook = '%s' AND h.op = '%s' ORDER BY h.weight", $hook, $op);
+ $result = db_query("SELECT h.aid, a.description FROM {trigger_assignments} h LEFT JOIN {actions} a on a.aid = h.aid WHERE h.hook = ? AND h.op = ? ORDER BY h.weight", $hook, $op);
}
while ($action = db_fetch_object($result)) {
$actions[$action->aid] = $action->description;
@@ -168,7 +168,7 @@
*/
function _trigger_get_hook_aids($hook, $op = '') {
$aids = array();
- $result = db_query("SELECT aa.aid, a.type FROM {trigger_assignments} aa LEFT JOIN {actions} a ON aa.aid = a.aid WHERE aa.hook = '%s' AND aa.op = '%s' ORDER BY weight", $hook, $op);
+ $result = db_query("SELECT aa.aid, a.type FROM {trigger_assignments} aa LEFT JOIN {actions} a ON aa.aid = a.aid WHERE aa.hook = ? AND aa.op = ? ORDER BY weight", $hook, $op);
while ($action = db_fetch_object($result)) {
$aids[$action->aid]['type'] = $action->type;
}
@@ -267,7 +267,7 @@
$form_values = $form_state['values'];
if (!empty($form_values['aid'])) {
$aid = actions_function_lookup($form_values['aid']);
- if (db_result(db_query("SELECT aid FROM {trigger_assignments} WHERE hook = '%s' AND op = '%s' AND aid = '%s'", $form_values['hook'], $form_values['operation'], $aid))) {
+ if (db_result(db_query("SELECT aid FROM {trigger_assignments} WHERE hook = ? AND op = ? AND aid = ?", $form_values['hook'], $form_values['operation'], $aid))) {
form_set_error($form_values['operation'], t('The action you choose is already assigned to that trigger.'));
}
}
@@ -281,18 +281,18 @@
if (!empty($form_values['aid'])) {
$aid = actions_function_lookup($form_values['aid']);
- $weight = db_result(db_query("SELECT MAX(weight) FROM {trigger_assignments} WHERE hook = '%s' AND op = '%s'", $form_values['hook'], $form_values['operation']));
- db_query("INSERT INTO {trigger_assignments} values ('%s', '%s', '%s', %d)", $form_values['hook'], $form_values['operation'], $aid, $weight + 1);
+ $weight = db_result(db_query("SELECT MAX(weight) FROM {trigger_assignments} WHERE hook = ? AND op = ?", $form_values['hook'], $form_values['operation']));
+ db_query("INSERT INTO {trigger_assignments} values (?, ?, ?, ?)", $form_values['hook'], $form_values['operation'], $aid, $weight + 1);
// If this action changes a node property, we need to save the node
// so the change will persist.
$actions = actions_list();
if (isset($actions[$aid]['behavior']) && in_array('changes_node_property', $actions[$aid]['behavior']) && ($form_values['operation'] != 'presave')) {
// Delete previous node_save_action if it exists, and re-add a new one at a higher weight.
- $save_post_action_assigned = db_result(db_query("SELECT aid FROM {trigger_assignments} WHERE hook = '%s' AND op = '%s' AND aid = 'node_save_action'", $form_values['hook'], $form_values['operation']));
+ $save_post_action_assigned = db_result(db_query("SELECT aid FROM {trigger_assignments} WHERE hook = ? AND op = ? AND aid = 'node_save_action'", $form_values['hook'], $form_values['operation']));
if ($save_post_action_assigned) {
- db_query("DELETE FROM {trigger_assignments} WHERE hook = '%s' AND op = '%s' AND aid = 'node_save_action'", $form_values['hook'], $form_values['operation']);
+ db_query("DELETE FROM {trigger_assignments} WHERE hook = ? AND op = ? AND aid = 'node_save_action'", $form_values['hook'], $form_values['operation']);
}
- db_query("INSERT INTO {trigger_assignments} VALUES ('%s', '%s', '%s', %d)", $form_values['hook'], $form_values['operation'], 'node_save_action', $weight + 2);
+ db_query("INSERT INTO {trigger_assignments} VALUES (?, ?, ?, ?)", $form_values['hook'], $form_values['operation'], 'node_save_action', $weight + 2);
if (!$save_post_action_assigned) {
drupal_set_message(t('You have added an action that changes a the property of a post. A Save post action has been added so that the property change will be saved.'));
}
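Review bot: Both `INSERT INTO {trigger_assignments}` statements omit the column list, so the four `?` values reach their columns purely by table order, and a later schema change would silently put form values into the wrong column. Naming the columns used by the other queries in this file makes the binding explicit: `INSERT INTO {trigger_assignments} (hook, op, aid, weight) VALUES (?, ?, ?, ?)`. The `SELECT MAX(weight)` followed by an insert of `$weight + 1` is also not atomic, so two concurrent submissions can end up with the same weight. The submit handler begins and ends outside the hunk.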
@@ -428,7 +428,7 @@
$form_values = $form_state['values'];
if ($form_values['confirm'] == 1) {
$aid = actions_function_lookup($form_values['aid']);
- db_query("DELETE FROM {trigger_assignments} WHERE hook = '%s' AND op = '%s' AND aid = '%s'", $form_values['hook'], $form_values['operation'], $aid);
+ db_query("DELETE FROM {trigger_assignments} WHERE hook = ? AND op = ? AND aid = ?", $form_values['hook'], $form_values['operation'], $aid);
$actions = actions_get_all_actions();
watchdog('actions', 'Action %action has been unassigned.', array('%action' => check_plain($actions[$aid]['description'])));
drupal_set_message(t('Action %action has been unassigned.', array('%action' => $actions[$aid]['description'])));
Index: modules/search/search.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search.module,v
retrieving revision 1.236
diff -u -r1.236 search.module
--- modules/search/search.module 1 Oct 2007 08:50:36 -0000 1.236
+++ modules/search/search.module 5 Oct 2007 07:23:49 -0000
@@ -228,10 +228,10 @@
module_invoke_all('search', 'reset');
}
else {
- db_query("DELETE FROM {search_dataset} WHERE sid = %d AND type = '%s'", $sid, $type);
- db_query("DELETE FROM {search_index} WHERE fromsid = %d AND fromtype = '%s'", $sid, $type);
+ db_query("DELETE FROM {search_dataset} WHERE sid = ? AND type = ?", $sid, $type);
+ db_query("DELETE FROM {search_index} WHERE fromsid = ? AND fromtype = ?", $sid, $type);
// When re-indexing, keep link references
- db_query("DELETE FROM {search_index} WHERE sid = %d AND type = '%s'". ($reindex ? " AND fromsid = 0" : ''), $sid, $type);
+ db_query("DELETE FROM {search_index} WHERE sid = ? AND type = ?". ($reindex ? " AND fromsid = 0" : ''), $sid, $type);
}
}
@@ -275,12 +275,12 @@
// Update word IDF (Inverse Document Frequency) counts for new/changed words
foreach (search_dirty() as $word => $dummy) {
// Get total count
- $total = db_result(db_query("SELECT SUM(score) FROM {search_index} WHERE word = '%s'", $word));
+ $total = db_result(db_query("SELECT SUM(score) FROM {search_index} WHERE word = ?", $word));
// Apply Zipf's law to equalize the probability distribution
$total = log10(1 + 1/(max(1, $total)));
- db_query("UPDATE {search_total} SET count = %f WHERE word = '%s'", $total, $word);
- if (!db_affected_rows()) {
- db_query("INSERT INTO {search_total} (word, count) VALUES ('%s', %f)", $word, $total);
+ $result = db_query("UPDATE {search_total} SET count = %f WHERE word = ?", $total, $word);
+ if (!db_affected_rows($result)) {
+ db_query("INSERT INTO {search_total} (word, count) VALUES (?, %f)", $word, $total);
}
}
// Find words that were deleted from search_index, but are still in
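Review bot: The `UPDATE {search_total}` and `INSERT INTO {search_total}` statements now mix a printf-style `%f` with positional `?` in one query. The new `db_query()` is not visible here, so it is unclear whether it still expands `%f`, and if it does, whether `$total` and `$word` are consumed in the order the two placeholder styles appear. Using one style removes the ambiguity, e.g. `db_query("UPDATE {search_total} SET count = ? WHERE word = ?", (float) $total, $word);`. If `%f` was kept on purpose for float formatting, a comment saying so is needed. The same mix appears in the `search_index` inserts of the `@@ -558,11` and `@@ -570,7` hunks.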
@@ -288,7 +288,7 @@
// rows which fail to join.
$result = db_query("SELECT t.word AS realword, i.word FROM {search_total} t LEFT JOIN {search_index} i ON t.word = i.word WHERE i.word IS NULL");
while ($word = db_fetch_object($result)) {
- db_query("DELETE FROM {search_total} WHERE word = '%s'", $word->realword);
+ db_query("DELETE FROM {search_total} WHERE word = ?", $word->realword);
}
}
@@ -493,7 +493,7 @@
$linknid = $match[1];
if ($linknid > 0) {
// Note: ignore links to uncachable nodes to avoid redirect bugs.
- $node = db_fetch_object(db_query('SELECT n.title, n.nid, n.vid, r.format FROM {node} n INNER JOIN {node_revisions} r ON n.vid = r.vid WHERE n.nid = %d', $linknid));
+ $node = db_fetch_object(db_query('SELECT n.title, n.nid, n.vid, r.format FROM {node} n INNER JOIN {node_revisions} r ON n.vid = r.vid WHERE n.nid = ?', $linknid));
if (filter_format_allowcache($node->format)) {
$link = TRUE;
$linktitle = $node->title;
@@ -558,11 +558,11 @@
search_wipe($sid, $type, TRUE);
// Insert cleaned up data into dataset
- db_query("INSERT INTO {search_dataset} (sid, type, data) VALUES (%d, '%s', '%s')", $sid, $type, $accum);
+ db_query("INSERT INTO {search_dataset} (sid, type, data) VALUES (?, ?, ?)", $sid, $type, $accum);
// Insert results into search index
foreach ($results[0] as $word => $score) {
- db_query("INSERT INTO {search_index} (word, sid, type, score) VALUES ('%s', %d, '%s', %f)", $word, $sid, $type, $score);
+ db_query("INSERT INTO {search_index} (word, sid, type, score) VALUES (?, ?, ?, %f)", $word, $sid, $type, $score);
search_dirty($word);
}
unset($results[0]);
@@ -570,7 +570,7 @@
// Now insert links to nodes
foreach ($results as $nid => $words) {
foreach ($words as $word => $score) {
- db_query("INSERT INTO {search_index} (word, sid, type, fromsid, fromtype, score) VALUES ('%s', %d, '%s', %d, '%s', %f)", $word, $nid, 'node', $sid, $type, $score);
+ db_query("INSERT INTO {search_index} (word, sid, type, fromsid, fromtype, score) VALUES (?, ?, ?, ?, ?, %f)", $word, $nid, 'node', $sid, $type, $score);
search_dirty($word);
}
}
@@ -704,7 +704,7 @@
$query = implode(' AND ', $query);
// Build word-index conditions for the first pass
- $query2 = substr(str_repeat("i.word = '%s' OR ", count($arguments2)), 0, -4);
+ $query2 = substr(str_repeat("i.word = ? OR ", count($arguments2)), 0, -4);
return array($query, $arguments, $query2, $arguments2, $matches);
}
@@ -773,7 +773,7 @@
*
* @param $where1
* (optional) Inserted into the WHERE part of the first SQL query.
- * For example "(n.status > %d)".
+ * For example "(n.status > ?)".
*
* @param $arguments1
* (optional) Extra SQL arguments belonging to the first query.
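Review bot: The `$where1` description only swaps its example to `"(n.status > ?)"`; it does not tell callers that the fragment is spliced into the query text unescaped, as the `$conditions = $where1 .' AND ('` line in the `@@ -811,9` hunk shows. A caller that still passes a `%d`/`'%s'` fragment, or builds the fragment from request data, would produce a mixed-style or injectable query. I would add a sentence to the parameter doc such as `Must be static SQL using ? placeholders only; pass every value through $arguments1.` The docblock starts and ends outside the hunk.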
@@ -811,9 +811,9 @@
// First pass: select all possible matching sids, doing a simple index-based OR matching on the keywords.
// 'matches' is used to reject those items that cannot possibly match the query.
- $conditions = $where1 .' AND ('. $query[2] .") AND i.type = '%s'";
+ $conditions = $where1 .' AND ('. $query[2] .") AND i.type = ?";
$arguments = array_merge($arguments1, $query[3], array($type, $query[4]));
- $result = db_query_temporary("SELECT i.type, i.sid, SUM(i.score * t.count) AS relevance, COUNT(*) AS matches FROM {search_index} i INNER JOIN {search_total} t ON i.word = t.word $join1 WHERE $conditions GROUP BY i.type, i.sid HAVING COUNT(*) >= %d", $arguments, 'temp_search_sids');
+ $result = db_query_temporary("SELECT i.type, i.sid, SUM(i.score * t.count) AS relevance, COUNT(*) AS matches FROM {search_index} i INNER JOIN {search_total} t ON i.word = t.word $join1 WHERE $conditions GROUP BY i.type, i.sid HAVING COUNT(*) >= ?", $arguments, 'temp_search_sids');
// Calculate maximum relevance, to normalize it
$normalize = db_result(db_query('SELECT MAX(relevance) FROM temp_search_sids'));