- Patch #352054 by catch: convert calls to db_placeholders() in static queries.

a0472857 · Dries · 5bbad8a4 · a0472857 · a0472857 · a0472857
Commit a0472857 authored Dec 29, 2008 by Dries
7 changed files
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -353,7 +353,7 @@ function block_box_save($edit, $delta) {
 function block_user_form(&$edit, &$account, $category = NULL) {
  if ($category == 'account') {
    $rids = array_keys($account->roles);
-    $result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (" . db_placeholders($rids) . ") OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids);
+    $result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (:rids) OR r.rid IS NULL) ORDER BY b.weight, b.module", array(':rids' => $rids));
    $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
    while ($block = db_fetch_object($result)) {
      $data = module_invoke($block->module, 'block_list');

--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -723,7 +723,7 @@ function book_build_active_trail($book_link) {
 * Implementation of hook_nodeapi_load().
 */
 function book_nodeapi_load($nodes, $types) {
-  $result = db_query("SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid IN (" . db_placeholders(array_keys($nodes)) . ")",  array_keys($nodes), array('fetch' => PDO::FETCH_ASSOC));
+  $result = db_query("SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid IN (:nids)", array(':nids' =>  array_keys($nodes)), array('fetch' => PDO::FETCH_ASSOC));
  foreach ($result as $record) {
    $nodes[$record['nid']]->book = $record;
    $nodes[$record['nid']]->book['href'] = $record['link_path'];

--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -605,7 +605,7 @@ function comment_nodeapi_load($nodes, $types) {

  // For nodes with comments enabled, fetch information from the database.
  if (!empty($comments_enabled)) {
-    $result = db_query('SELECT nid, last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid IN(' . db_placeholders($comments_enabled) . ')', $comments_enabled);
+    $result = db_query('SELECT nid, last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid IN(:comments_enabled)', array(':comments_enabled' => $comments_enabled));
    foreach ($result as $record) {
      $nodes[$record->nid]->last_comment_timestamp = $record->last_comment_timestamp;
      $nodes[$record->nid]->last_comment_name = $record->last_comment_name;

--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -358,7 +358,7 @@ function forum_nodeapi_load($nodes, $types) {
    }
  }
  if (!empty($node_vids)) {
-    $result = db_query('SELECT nid, tid FROM {forum} WHERE vid IN(' . db_placeholders($node_vids) . ')', $node_vids);
+    $result = db_query('SELECT nid, tid FROM {forum} WHERE vid IN(:node_vids)', array(':node_vids' => $node_vids));
    foreach ($result as $record) {
      $nodes[$record->nid]->forum_tid = $record->tid;
    }

--- a/modules/node/node.api.php
+++ b/modules/node/node.api.php
@@ -245,7 +245,7 @@ function hook_nodeapi_insert($node) {
 *   An array containing the types of the nodes.
 */
 function hook_nodeapi_load($nodes, $types) {
-  $result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN(' . db_placeholders(array_keys($nodes)) . ')', array_keys($nodes));
+  $result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN(:nids)', array(':nids' => array_keys($nodes)));
  foreach ($result as $record) {
    $nodes[$record->nid]->foo = $record->foo;
  }
@@ -693,7 +693,7 @@ function hook_insert($node) {
 * For a detailed usage example, see node_example.module.
 */
 function hook_load($nodes) {
-  $result = db_fetch_object(db_query('SELECT nid, foo FROM {mytable} WHERE nid IN (' . db_placeholders(array_keys($nodes)) . ')', array_keys($nodes)));
+  $result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN (:nids)', array(':nids' => array_keys($nodes)));
  foreach ($result as $record) {
    $nodes[$record->nid]->foo = $record->foo;
  }

--- a/modules/taxonomy/taxonomy.api.php
+++ b/modules/taxonomy/taxonomy.api.php
@@ -85,7 +85,7 @@ function hook_taxonomy_vocabulary_delete($vocabulary) {
 *   An array of term objects, indexed by tid.
 */
 function hook_taxonomy_term_load($terms) {
-  $result = db_query('SELECT tid, foo FROM {mytable} WHERE tid IN (' . db_placeholders(array_keys($terms)) . ')', array_keys($terms));
+  $result = db_query('SELECT tid, foo FROM {mytable} WHERE tid IN (:tids)', array(':tids' => array_keys($terms)));
  foreach ($result as $record) {
    $terms[$record->tid]->foo = $record->foo;
  }

--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -489,7 +489,7 @@ function user_role_permissions($roles = array(), $reset = FALSE) {
    if ($fetch) {
      // Get from the database permissions that were not in the static variable.
      // Only role IDs with at least one permission assigned will return rows.
-      $result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($fetch) . ")", $fetch);
+      $result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (:fetch)", array(':fetch' => $fetch));

      while ($row = db_fetch_array($result)) {
        $stored_permissions[$row['rid']][$row['permission']] = TRUE;