Modules should not call mysql_*()
kiamlaluno - July 27, 2008 - 13:32
| Project: | Blog Add-ons |
| Version: | 6.x-1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Chajecki |
| Status: | active |
Jump to:
Description
The module calls directly a function that is specific for a database. Doing so, the module works only if the server which runs the web site has the PHP MySQL extension installed, and working.
The call to mysql_num_rows() can be avoided, as there is another way to get the number of rows, in Drupal 6.
I.e., the code:
<?php
$query = "SELECT n.nid, n.created FROM {node} n WHERE n.type = 'blog' AND n.status = 1 AND n.uid = " . $account->uid . $limit . " ORDER By n.created DESC ";
$postpermonth = mysql_num_rows(db_query($query));
?>can be changed in
<?php
$query = "SELECT COUNT(*) FROM {node} n WHERE n.type = 'blog' AND n.status = 1 AND n.uid = " . $account->uid . $limit;
$postpermonth = db_result(db_query($query));
?>
#1
Thanks. Very good suggestions. Will be implemented in a new release.
#2
It should also be the case to avoid to pass arguments directly in the query string, but to use something like:
<?php$query = "SELECT COUNT(*) FROM {node} n WHERE n.type = 'blog' AND n.status = 1 AND n.uid = %d";
$postpermonth = db_result(db_query($query, $account->uid));
?>