diff --git a/stormorganization/stormorganization.admin.inc b/stormorganization/stormorganization.admin.inc
index 02d57d0..7ae30f6 100644
--- a/stormorganization/stormorganization.admin.inc
+++ b/stormorganization/stormorganization.admin.inc
@@ -256,15 +256,20 @@ function stormorganization_list_filter_reset($form, &$form_state) {
 function stormorganization_autocomplete($string = '') {
   $matches = array();
   if ($string) {
-    $s = "SELECT title FROM {node} AS n WHERE n.type='stormorganization' AND LOWER(title) LIKE LOWER('%s%%')";
-    $s = stormorganization_access_sql($s);
-    $s = db_rewrite_sql($s);
-
-    $result = db_query_range($s, $string, 0, 10);
-    while ($org = db_fetch_object($result)) {
-      $matches[$org->title] = check_plain($org->title);
+    $query = db_select('node', 'n');
+
+    $return = $query
+      ->addTag('node_access')
+      ->fields('n', array('nid', 'title'))
+      ->condition('n.type', 'stormorganization')
+      ->condition('title', '%' . db_like($string) . '%', 'LIKE')
+      ->range(0, 10);
+
+      foreach($return as $row) {
+        $matches[$row->title] = check_plain($row->title);
+      }
     }
   }
-
-  drupal_json($matches);
+  drupal_json_output($matches);
 }
+
diff --git a/stormperson/stormperson.admin.inc b/stormperson/stormperson.admin.inc
index f2abb20..9db5292 100644
--- a/stormperson/stormperson.admin.inc
+++ b/stormperson/stormperson.admin.inc
@@ -188,17 +188,20 @@ function _stormperson_organization_people_js($organization_nid=0) {
   $people = array();
 
   if ($organization_nid) {
-    $s = "SELECT n.nid, n.title FROM {node} n INNER JOIN {stormperson} AS spe ON n.vid=spe.vid WHERE n.status=1 AND n.type='stormperson' AND spe.organization_nid=%d ORDER BY n.title";
-    $s = stormperson_access_sql($s);
-    $s = db_rewrite_sql($s);
-    $r = db_query($s, $organization_nid);
-
-    while ($item = db_fetch_object($r)) {
-      $nid = $item->nid;
-      $people[$nid] = $item->title;
+      $query = db_select('node', 'n')
+        ->fields('n', array('nid', 'title'))
+        ->condition('n.status', 1)
+        ->condition('n.type', 'organization')
+        ->condition('spe.organization', $organization_nid)
+        ->join('stormperson', 'spe', 'n.vid = spe.vid');
+
+  $result = $query->execute();
+    foreach($result as $row) {
+      $nid = $row->name;
+      $people[$nid] = $row->title;
     }
   }
-  print drupal_to_js($people);
+  print drupal_json_encode($people);
   exit();
 }
 
diff --git a/stormperson/stormperson.module b/stormperson/stormperson.module
index 2d53ace..dba70ab 100644
--- a/stormperson/stormperson.module
+++ b/stormperson/stormperson.module
@@ -434,12 +434,19 @@ function stormperson_form(&$node) {
 
 function stormperson_validate($node, &$form) {
   if (!empty($node->user_name)) {
-    $ass_user = user_load(array('name' => $node->user_name));
+    $username = $node->user_name;
+    $ass_user = user_load_by_name($username);
     if (!empty($ass_user)) {
-      $result = db_query("SELECT n.nid, n.title FROM {node} n JOIN {stormperson} stp ON (n.nid = stp.nid) WHERE stp.user_uid = %d", $ass_user->uid);
-      $row = db_fetch_array($result);
-      if ($row && (empty($form['#node']->user_name) || ($form['#node']->user_name != $node->user_name))) {
-        form_set_error('user_name', t('This Drupal user is already assigned to a Storm person (!link). The same Drupal user can not be assigned to two Storm people.', array('!link' => l($row['title'], 'node/'. $row['nid']))));
+      $query = db_select('node', 'n');
+
+      $query->fields('n', array('nid', 'title'))
+            ->condition('stp.user_uid', $ass_user->uid)
+            ->join('stormperson', 'stp', 'n.nid = stp.nid');
+
+      $row = $query->execute()->fetchAssoc();
+        if ($row && (empty($form['#node']->user_name) || ($form['#node']->user_name != $node->user_name))) {
+          $message = t('This Drupal user is already assigned to a Storm person (!link). The same Drupal user can not be assigned to two Storm people.', array('!link' => l($row['title'], 'node/'. $row['nid'])));
+        form_set_error('user_name', $message);
       }
     }
   }
@@ -448,13 +455,21 @@ function stormperson_validate($node, &$form) {
 function stormperson_user_autocomplete($string = '') {
   $matches = array();
   if ($string) {
-    $result = db_query_range("SELECT name FROM {users} WHERE name LIKE '%s%%' AND uid NOT IN (SELECT user_uid FROM {stormperson})", $string, 0, 10);
-    while ($user = db_fetch_object($result)) {
-      $matches[$user->name] = check_plain($user->name);
+    $query = db_select('users', 'u')
+      ->fields('u', array('name', 'uid'))
+      ->condition('name', db_like($string) . '%', 'LIKE');
+
+    $subquery = db_select('stormperson', 'stp');
+    $subquery->addField('stp', 'user_uid', 'uid');
+
+    $query->condition('uid', $subquery, 'NOT IN');
+    $result = $query->execute();
+
+    foreach($result as $row) {
+      $matches[$row->name] = check_plain($row->name);
     }
+    drupal_json_output($matches);
   }
-
-  drupal_json($matches);
 }
 
 function stormperson_insert($node) {
@@ -509,7 +524,8 @@ function stormperson_update($node) {
 }
 
 function _stormperson_beforesave(&$node) {
-  $ass_user = user_load(array('name' => $node->user_name));
+  $username = $node->username;
+  $ass_user = user_load_by_name($username);
   $node->user_uid = $ass_user->uid;
   if (!$node->email) {
     $node->email = $ass_user->mail;