This command won't work:

$log[]=update_sql("insert into {table} values('%s')",$string);

To execute queries with escaped values, we need to use db_query(), which does not log success. Escaped values are primarily intended to guard against SQL injection, but it wouldn't hurt to adopt this style for any database queries in Drupal.

It would be a relatively simple matter to change update_sql from this:

function update_sql($sql) {
  $result = db_query($sql);
  return array('success' => $result !== FALSE, 'query' => check_plain($sql));
} 

to something like this:

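function update_sql($sql) {
  // Before PHP 5.3, func_get_args() cannot be passed directly as a function
  // argument, so capture it in a variable first.
  $args = func_get_args();
  $result = call_user_func_array('db_query', $args);
  return array('success' => $result !== FALSE, 'query' => check_plain($sql));
}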

Admittedly, this only logs the un-parsed queries (perhaps the arguments could be appended?), but at least the query can be logged and executed properly.
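
An added example, not part of the original post and not Drupal's code: a stand-alone illustration of the change proposed above that also appends the arguments to the logged entry. `example_update_sql()`, `stub_db_query()` and `stub_check_plain()` are hypothetical names; the two stubs are simplified stand-ins for `db_query()` and `check_plain()` so the file runs without Drupal or a database.

```php
<?php
// Added example. The stubs below are simplified stand-ins, not Drupal's code.

// Stand-in for db_query(): expands %s / %d from the extra arguments and
// returns the final SQL instead of executing it. addslashes() stands in for
// the database-specific escaping that Drupal performs.
function stub_db_query($sql) {
  $args = array_slice(func_get_args(), 1);
  return preg_replace_callback('/%[sd]/', function ($m) use (&$args) {
    $value = array_shift($args);
    return $m[0] === '%d' ? (string) (int) $value : addslashes((string) $value);
  }, $sql);
}

// Stand-in for check_plain(): HTML-escapes text before it is displayed.
function stub_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical variant of the proposed update_sql(): forwards every argument
// to the query function and appends the arguments to the logged query.
function example_update_sql($sql) {
  $args = func_get_args();
  $result = call_user_func_array('stub_db_query', $args);
  $logged = $sql;
  if (count($args) > 1) {
    $values = array_map('strval', array_slice($args, 1));
    $logged .= ' [args: ' . implode(', ', $values) . ']';
  }
  return array(
    'success' => $result !== FALSE,
    'query' => stub_check_plain($logged),
    // Returned here only to show the SQL after placeholder expansion.
    'expanded' => $result,
  );
}

// Constructed input: the quote must stay inside the SQL string literal, and
// the angle brackets must be escaped in the logged entry.
$string = "O'Brien <admin>";

$log = array();
$log[] = example_update_sql("INSERT INTO {table} VALUES ('%s')", $string);
print_r($log);
```

The `expanded` element shows the quote escaped inside the SQL literal, while `query` holds the un-parsed statement plus its arguments, HTML-escaped for display.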

Comments

RobRoy

Status: Active » Closed (duplicate)