The current code sometimes constructs entire SQL queries dynamically (potentially opening some possibility for security holes, creating DB portability issues, inefficiency, etc.), when it should perhaps consider using the "array of query arguments" option in db_query.

For D6, consider using (Schema API) methods drupal_write_record and drupal_schema_fields_sql to reduce coupling between the defined schema, and the SQL being generated.
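
An added example (not code from this module or from the post above) of the change being suggested, assuming a bootstrapped Drupal 6 site and a hypothetical table example_items declared in hook_schema(); the example_* function names are also hypothetical:

```php
<?php
// Added example for Drupal 6; 'example_items' and example_* are hypothetical.

// Before: the whole query is built as a string. $title reaches the database
// unescaped, and the bare table name skips {table} prefix handling.
function example_items_load_unsafe($title, $uid) {
  $sql = "SELECT iid, title FROM example_items WHERE title = '" . $title . "' AND uid = " . $uid;
  return db_query($sql);
}

// After: fixed query text, values passed as an array of query arguments.
// '%s' is escaped for the active database and %d is cast to an integer.
function example_items_load($title, $uid) {
  return db_query(
    "SELECT iid, title FROM {example_items} WHERE title = '%s' AND uid = %d",
    array($title, $uid)
  );
}

// Variable-length IN() list: only the placeholders are generated, never
// the values themselves.
function example_items_load_multiple($iids) {
  if (empty($iids)) {
    return array();
  }
  $placeholders = db_placeholders($iids, 'int');
  $result = db_query("SELECT iid, title FROM {example_items} WHERE iid IN ($placeholders)", $iids);
  $items = array();
  while ($row = db_fetch_object($result)) {
    $items[$row->iid] = $row;
  }
  return $items;
}

// Insert or update through the Schema API: the column list and types come
// from hook_schema(), so no hand-written INSERT/UPDATE has to track them.
function example_items_save(&$item) {
  if (!empty($item->iid)) {
    return drupal_write_record('example_items', $item, 'iid');
  }
  return drupal_write_record('example_items', $item);
}
```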

Comments

john franklin

Version: 6.x-1.x-dev » 6.x-2.x-dev

Kick this down the line to 6.x-2.x.