Issue #1748168 by ACF | tim.plunkett: Convert or document all usages of db_query().

includes/admin.inc

@@ -4694,7 +4694,9 @@ function views_ui_get_roles() {
   static $roles = NULL;
   if (!isset($roles)) {
     $roles = array();
-    $result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");
+    // Uses db_query() rather than db_select() because the query is static and
+    // does not include any variables.
+    $result = $result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");
     foreach ($result as $obj) {
       $roles[$obj->rid] = $obj->name;
     }

lib/Views/aggregator/Plugin/views/argument/CategoryCid.php

@@ -28,7 +28,10 @@ class CategoryCid extends Numeric {
   function title_query() {
     $titles = array();
 
-    $result = db_query("SELECT c.title FROM {aggregator_category} c WHERE c.cid IN (:cid)", array(':cid' => $this->value));
+    $query = db_select('aggregator_category', 'c');
+    $query->addField('c', 'title');
+    $query->condition('c.cid', $this->value);
+    $result = $query->execute();
     foreach ($result as $term) {
       $titles[] = check_plain($term->title);
     }

lib/Views/aggregator/Plugin/views/argument/Fid.php

@@ -29,6 +29,10 @@ function title_query() {
     $titles = array();
 
     $result = db_query("SELECT f.title FROM {aggregator_feed} f WHERE f.fid IN (:fids)", array(':fids' => $this->value));
+    $query = db_select('aggregator_feed', 'f');
+    $query->addField('f', 'title');
+    $query->condition('f.fid', $this->value);
+    $result = $query->execute();
     foreach ($result as $term) {
       $titles[] = check_plain($term->title);
     }

lib/Views/aggregator/Plugin/views/filter/CategoryCid.php

@@ -28,7 +28,8 @@ function get_value_options() {
     }
 
     $this->value_options = array();
-
+    // Uses db_query() rather than db_select() because the query is static and
+    // does not include any variables.
     $result = db_query('SELECT * FROM {aggregator_category} ORDER BY title');
     foreach ($result as $category) {
       $this->value_options[$category->cid] = $category->title;

lib/Views/aggregator/Plugin/views/row/Rss.php

@@ -52,12 +52,13 @@ function options_form(&$form, &$form_state) {
 
   function render($row) {
     $iid =  $row->{$this->field_alias};
-    $sql =  "SELECT ai.iid, ai.fid, ai.title, ai.link, ai.author, ai.description, ";
-    $sql .= "ai.timestamp, ai.guid, af.title AS feed_title, ai.link AS feed_LINK ";
-    $sql .= "FROM {aggregator_item} ai LEFT JOIN {aggregator_feed} af ON ai.fid = af.fid ";
-    $sql .= "WHERE ai.iid = :iid";
-
-    $item = db_query($sql, array(':iid' => $iid))->fetchObject();
+    $query = db_select('aggregator_item', 'ai');
+    $query->leftJoin('aggregator_feed', 'af', 'ai.fid = af.fid');
+    $query->fields('ai');
+    $query->addExpression('af.title', 'feed_title');
+    $query->addExpression('ai.link', 'feed_LINK');
+    $query->condition('iid', $iid);
+    $result = $query->execute();
 
     $item->elements = array(
       array(

lib/Views/comment/Plugin/views/argument/UserUid.php

@@ -28,7 +28,10 @@ function title() {
       $title = config('user.settings')->get('anonymous');
     }
     else {
-      $title = db_query('SELECT u.name FROM {users} u WHERE u.uid = :uid', array(':uid' => $this->argument))->fetchField();
+      $query = db_select('users', 'u');
+      $query->addField('u', 'name');
+      $query->condition('u.uid', $this->argument);
+      $title = $query->execute()->fetchField();
     }
     if (empty($title)) {
       return t('No user');

lib/Views/comment/Plugin/views/field/NodeNewComments.php

@@ -73,15 +73,16 @@ function pre_render(&$values) {
     }
 
     if ($nids) {
-      $result = db_query("SELECT n.nid, COUNT(c.cid) as num_comments FROM {node} n INNER JOIN {comment} c ON n.nid = c.nid
-        LEFT JOIN {history} h ON h.nid = n.nid AND h.uid = :h_uid WHERE n.nid IN (:nids)
-        AND c.changed > GREATEST(COALESCE(h.timestamp, :timestamp), :timestamp) AND c.status = :status GROUP BY n.nid  ", array(
-          ':status' => COMMENT_PUBLISHED,
-          ':h_uid' => $user->uid,
-          ':nids' => $nids,
-          ':timestamp' => NODE_NEW_LIMIT,
-        ));
-
+      $query = db_select('node', 'n');
+      $query->addField('n', 'nid');
+      $query->innerJoin('comment', 'c', 'n.nid = c.nid');
+      $query->addExpression('COUNT(c.cid)', 'num_comments');
+      $query->leftJoin('history', 'h', 'h.nid = n.nid');
+      $query->condition('n.nid', $nids);
+      $query->where('c.changed > GREATEST(COALESCE(h.timestamp, :timestamp), :timestamp)', array(':timestamp' => NODE_NEW_LIMIT));
+      $query->condition('c.status', COMMENT_PUBLISHED);
+      $query->groupBy('n.nid');
+      $result = $query->execute();
       foreach ($result as $node) {
         foreach ($ids[$node->nid] as $id) {
           $values[$id]->{$this->field_alias} = $node->num_comments;

lib/Views/locale/Plugin/views/filter/Version.php

@@ -27,6 +27,8 @@ function get_value_options() {
       $this->value_title = t('Version');
       // Enable filtering by the current installed Drupal version.
       $versions = array('***CURRENT_VERSION***' => t('Current installed version'));
+      // Uses db_query() rather than db_select() because the query is static and
+      // does not include any variables.
       $result = db_query('SELECT DISTINCT(version) FROM {locales_source} ORDER BY version');
       foreach ($result as $row) {
         if (!empty($row->version)) {

lib/Views/node/Plugin/views/argument/Vid.php

@@ -28,8 +28,11 @@ class Vid extends Numeric {
   function title_query() {
     $titles = array();
 
-    $results = db_query("SELECT nr.vid, nr.nid, nr.title FROM {node_revision} nr WHERE nr.vid IN (:vids)", array(':vids' => $this->value))->fetchAllAssoc('vid', PDO::FETCH_ASSOC);
-
+    $results = db_select('node_revision', 'nr')
+      ->fields('nr', array('vid', 'nid', 'title'))
+      ->condition('nr.vid', $this->value)
+      ->execute()
+      ->fetchAllAssoc('vid', PDO::FETCH_ASSOC);
     $nids = array();
     foreach ($results as $result) {
       $nids[] = $result['nid'];

lib/Views/system/Plugin/views/filter/Type.php

@@ -25,6 +25,8 @@ function get_value_options() {
       $this->value_title = t('Type');
       // Enable filtering by type.
       $types = array();
+      // Uses db_query() rather than db_select() because the query is static and
+      // does not include any variables.
       $types = db_query('SELECT DISTINCT(type) FROM {system} ORDER BY type')->fetchAllKeyed(0, 0);
       $this->value_options = $types;
     }

lib/Views/taxonomy/Plugin/views/argument/VocabularyMachineName.php

@@ -26,7 +26,10 @@ class VocabularyMachineName extends String {
    * Override the behavior of title(). Get the name of the vocabulary..
    */
   function title() {
-    $title = db_query("SELECT v.name FROM {taxonomy_vocabulary} v WHERE v.machine_name = :machine_name", array(':machine_name' => $this->argument))->fetchField();
+    $query = db_select('taxonomy_vocabulary', 'v');
+    $query->addField('v', 'name');
+    $query->condition('v.machine_name', $this->argument);
+    $title = $query->execute()->fetchField();
 
     if (empty($title)) {
       return t('No vocabulary');

lib/Views/taxonomy/Plugin/views/argument/VocabularyVid.php

@@ -26,8 +26,10 @@ class VocabularyVid extends Numeric {
    * Override the behavior of title(). Get the name of the vocabulary.
    */
   function title() {
-    $title = db_query("SELECT v.name FROM {taxonomy_vocabulary} v WHERE v.vid = :vid", array(':vid' => $this->argument))->fetchField();
-
+    $query = db_select('taxonomy_vocabulary', 'v');
+    $query->addField('v', 'name');
+    $query->condition('v.vid', $this->argument);
+    $title = $query->execute()->fetchField();
     if (empty($title)) {
       return t('No vocabulary');
     }

lib/Views/translation/Plugin/views/argument/NodeTnid.php

@@ -28,7 +28,10 @@ class NodeTnid extends Numeric {
   function title_query() {
     $titles = array();
 
-    $result = db_query("SELECT n.title FROM {node} n WHERE n.tnid IN (:tnids)", array(':tnids' => $this->value));
+    $query = db_select('node', 'n');
+    $query->addField('n', 'title');
+    $query->condition('n.tnid', $this->value);
+    $result = $query->execute();
     foreach ($result as $term) {
       $titles[] = check_plain($term->title);
     }

lib/Views/user/Plugin/views/argument/RolesRid.php

@@ -25,7 +25,10 @@ class RolesRid extends ManyToOne {
   function title_query() {
     $titles = array();
 
-    $result = db_query("SELECT name FROM {role} WHERE rid IN (:rids)", array(':rids' => $this->value));
+    $query = db_select('role', 'r');
+    $query->addField('r', 'name');
+    $query->condition('r.rid', $this->value);
+    $result = $query->execute();
     foreach ($result as $term) {
       $titles[] = check_plain($term->name);
     }

lib/Views/user/Plugin/views/argument_validator/User.php

@@ -85,7 +85,7 @@ function validate_argument($argument) {
           // real global $user object.
           $account = clone $GLOBALS['user'];
         }
-        $where = 'uid = :argument';
+        $condition = 'uid';
       }
     }
     else {
@@ -94,18 +94,21 @@ function validate_argument($argument) {
         if ($argument == $name) {
           $account = clone $GLOBALS['user'];
         }
-        $where = "name = :argument";
+        $condition = 'name';
       }
     }
 
     // If we don't have a WHERE clause, the argument is invalid.
-    if (empty($where)) {
+    if (empty($condition)) {
       return FALSE;
     }
 
     if (!isset($account)) {
-      $query = "SELECT uid, name FROM {users} WHERE $where";
-      $account = db_query($query, array(':argument' => $argument))->fetchObject();
+      $account = db_select('users', 'u')
+        ->fields('u', array('uid', 'name'))
+        ->condition($condition, $argument)
+        ->execute()
+        ->fetchObject();
     }
     if (empty($account)) {
       // User not found.
@@ -117,7 +120,10 @@ function validate_argument($argument) {
       $roles = $this->options['roles'];
       $account->roles = array();
       $account->roles[] = $account->uid ? DRUPAL_AUTHENTICATED_RID : DRUPAL_ANONYMOUS_RID;
-      $result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid));
+      $query = db_select('users_roles', 'u');
+      $query->addField('u', 'rid');
+      $query->condition('u.uid', $account->uid);
+      $result = $query->execute();
       foreach ($result as $role) {
         $account->roles[] = $role->rid;
       }

lib/Views/user/Plugin/views/field/Permissions.php

@@ -52,8 +52,14 @@ function pre_render(&$values) {
 
       $permissions = module_invoke_all('permission');
 
-      $result = db_query("SELECT u.uid, u.rid, rp.permission FROM {role_permission} rp INNER JOIN {users_roles} u ON u.rid = rp.rid WHERE u.uid IN (:uids) AND rp.module IN (:modules) ORDER BY rp.permission",
-        array(':uids' => $uids, ':modules' => array_keys($modules)));
+      $query = db_select('role_permission', 'rp');
+      $query->join('users_roles', 'u', 'u.rid = rp.rid');
+      $query->fields('u', array('uid', 'rid'));
+      $query->addField('rp', 'permission');
+      $query->condition('u.uid', $uids);
+      $query->condition('rp.module', array_keys($modules));
+      $query->orderBy('rp.permission');
+      $result = $query->execute();
 
       foreach ($result as $perm) {
         $this->items[$perm->uid][$perm->permission]['permission'] = $permissions[$perm->permission]['title'];

lib/Views/user/Plugin/views/field/Roles.php

@@ -41,8 +41,13 @@ function pre_render(&$values) {
     }
 
     if ($uids) {
-      $result = db_query("SELECT u.uid, u.rid, r.name FROM {role} r INNER JOIN {users_roles} u ON u.rid = r.rid WHERE u.uid IN (:uids) ORDER BY r.name",
-        array(':uids' => $uids));
+      $query = db_select('role', 'r');
+      $query->join('users_roles', 'u', 'u.rid = r.rid');
+      $query->addField('r', 'name');
+      $query->fields('u', array('uid', 'rid'));
+      $query->condition('u.uid', $uids);
+      $query->orderBy('r.name');
+      $result = $query->execute();
       foreach ($result as $role) {
         $this->items[$role->uid][$role->rid]['role'] = check_plain($role->name);
         $this->items[$role->uid][$role->rid]['rid'] = $role->rid;

lib/Views/user/Plugin/views/filter/Name.php

@@ -27,7 +27,7 @@ class Name extends InOperator {
   function value_form(&$form, &$form_state) {
     $values = array();
     if ($this->value) {
-      $result = db_query("SELECT * FROM {users} u WHERE uid IN (:uids)", array(':uids' => $this->value));
+      $result = entity_load_multiple_by_properties('user', array('uid' => $this->value));
       foreach ($result as $account) {
         if ($account->uid) {
           $values[] = $account->name;
@@ -131,7 +131,7 @@ function validate_user_strings(&$form, $values) {
       return $uids;
     }
 
-    $result = db_query("SELECT * FROM {users} WHERE name IN (:names)", array(':names' => $args));
+    $result = entity_load_multiple_by_properties('user', array('name' => $args));
     foreach ($result as $account) {
       unset($missing[strtolower($account->name)]);
       $uids[] = $account->uid;
@@ -156,8 +156,7 @@ function admin_summary() {
     $this->value_options = array();
 
     if ($this->value) {
-      $result = db_query("SELECT * FROM {users} u WHERE uid IN (:uids)", array(':uids' => $this->value));
-
+      $result = entity_load_multiple_by_properties('user', array('uid' => $this->value));
       foreach ($result as $account) {
         if ($account->uid) {
           $this->value_options[$account->uid] = $account->name;