Index: modules/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node.module,v
retrieving revision 1.509
diff -u -F^f -r1.509 node.module
--- modules/node.module	20 Jul 2005 10:48:20 -0000	1.509
+++ modules/node.module	27 Jul 2005 13:09:40 -0000
@@ -413,17 +413,16 @@ function node_save($node) {
     }
     $node->nid = db_next_id('{node}_nid');
 
-    // Prepare the query:
+    $node_fields = node_nodeapi($node, 'fields');
+    $node_args = array();
     foreach ($node as $key => $value) {
-      if (in_array((string) $key, $fields)) {
-        $k[] = db_escape_string($key);
-        $v[] = $value;
-        $s[] = "'%s'";
+      if (in_array($key, $node_fields)) {
+        $node_args[$key] = $value;
       }
     }
 
     // Insert the node into the database:
-    db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v);
+    db_query('INSERT INTO {node} %a', $node_args);
 
     // Call the node specific callback (if any):
     node_invoke($node, 'insert');
@@ -435,16 +434,16 @@ function node_save($node) {
     // Set some required fields:
     $node->changed = time();
 
-    // Prepare the query:
+    $node_fields = node_nodeapi($node, 'fields');
+    $node_args = array();
     foreach ($node as $key => $value) {
-      if (in_array($key, $fields)) {
-        $q[] = db_escape_string($key) ." = '%s'";
-        $v[] = $value;
+      if (in_array($key, $node_fields)) {
+        $node_args[$key] = $value;
       }
     }
 
     // Update the node in the database:
-    db_query("UPDATE {node} SET ". implode(', ', $q) ." WHERE nid = '$node->nid'", $v);
+    db_query("UPDATE {node} SET %a WHERE nid = %d", $node_args, $node->nid);
 
     // Call the node specific callback (if any):
     node_invoke($node, 'update');