- Patch #543948 by Damien Tournoud: remove db_type_placeholder().

8b11e7eb · Dries · 88884f89 · 8b11e7eb · 8b11e7eb · 8b11e7eb
Commit 8b11e7eb authored Aug 10, 2009 by Dries
3 changed files
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -2175,50 +2175,6 @@ function db_find_tables($table_expression) {
  return Database::getConnection()->schema()->findTables($table_expression);
 }

-/**
- * Given a Schema API field type, return the correct %-placeholder.
- *
- * Embed the placeholder in a query to be passed to db_query and and pass as an
- * argument to db_query a value of the specified type.
- *
- * @todo Remove this after all queries are converted to type-agnostic form.
- * @param $type
- *   The Schema API type of a field.
- * @return
- *   The placeholder string to embed in a query for that type.
- */
-function db_type_placeholder($type) {
-  switch ($type) {
-    case 'varchar':
-    case 'char':
-    case 'text':
-    case 'datetime':
-      return '\'%s\'';
-
-    case 'numeric':
-      // Numeric values are arbitrary precision numbers. Syntactically, numerics
-      // should be specified directly in SQL. However, without single quotes
-      // the %s placeholder does not protect against non-numeric characters such
-      // as spaces which would expose us to SQL injection.
-      return '%n';
-
-    case 'serial':
-    case 'int':
-      return '%d';
-
-    case 'float':
-      return '%f';
-
-    case 'blob':
-      return '%b';
-  }
-
-  // There is no safe value to return here, so return something that
-  // will cause the query to fail.
-  return 'unsupported type ' . $type . 'for db_type_placeholder';
-}
-
-
 function _db_create_keys_sql($spec) {
  return Database::getConnection()->schema()->createKeysSql($spec);
 }

--- a/includes/database/mysql/schema.inc
+++ b/includes/database/mysql/schema.inc
@@ -286,8 +286,8 @@ public function addField(&$ret, $table, $field, $spec, $keys_new = array()) {
    $ret[] = update_sql($query);
    if (isset($spec['initial'])) {
      // All this because update_sql does not support %-placeholders.
-      $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = ' . db_type_placeholder($spec['type']);
-      $result = db_query($sql, $spec['initial']);
+      $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = :value';
+      $result = db_query($sql, array(':value' => $spec['initial']));
      $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql . ' (' . $spec['initial'] . ')'));
    }
    if ($fixnull) {

--- a/includes/database/pgsql/schema.inc
+++ b/includes/database/pgsql/schema.inc
@@ -328,8 +328,8 @@ public function addField(&$ret, $table, $field, $spec, $new_keys = array()) {
    $ret[] = update_sql($query);
    if (isset($spec['initial'])) {
      // All this because update_sql does not support %-placeholders.
-      $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = ' . db_type_placeholder($spec['type']);
-      $result = db_query($sql, $spec['initial']);
+      $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = :value';
+      $result = db_query($sql, array(':value' => $spec['initial']));
      $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql . ' (' . $spec['initial'] . ')'));
    }
    if ($fixnull) {