Commit a0472857 authored by Dries's avatar Dries

- Patch #352054 by catch: convert calls to db_placeholders() in static queries.

parent 5bbad8a4
......@@ -353,7 +353,7 @@ function block_box_save($edit, $delta) {
function block_user_form(&$edit, &$account, $category = NULL) {
if ($category == 'account') {
$rids = array_keys($account->roles);
$result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (" . db_placeholders($rids) . ") OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids);
$result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (:rids) OR r.rid IS NULL) ORDER BY b.weight, b.module", array(':rids' => $rids));
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
while ($block = db_fetch_object($result)) {
$data = module_invoke($block->module, 'block_list');
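Review bot: Nothing visible in this hunk guards against `$rids` being empty before it is bound to `IN (:rids)`, whereas the comment and forum hunks wrap their queries in `!empty()` checks and user_role_permissions() in `if ($fetch)`. How the database layer expands an empty array is not shown on this page, but if it produces `IN ()` the query fails with a SQL syntax error. Either add an early `empty($rids)` check before the query, or, if the account is guaranteed to carry at least one role, say so in a comment such as `// $account->roles is never empty here, so :rids always expands to at least one value.` The same applies to `array_keys($nodes)` in book_nodeapi_load() and to the hook_nodeapi_load(), hook_load() and hook_taxonomy_term_load() examples, which module authors are likely to copy as written. The body of block_user_form() continues outside the hunk.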
......
......@@ -723,7 +723,7 @@ function book_build_active_trail($book_link) {
* Implementation of hook_nodeapi_load().
*/
function book_nodeapi_load($nodes, $types) {
$result = db_query("SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid IN (" . db_placeholders(array_keys($nodes)) . ")", array_keys($nodes), array('fetch' => PDO::FETCH_ASSOC));
$result = db_query("SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid IN (:nids)", array(':nids' => array_keys($nodes)), array('fetch' => PDO::FETCH_ASSOC));
foreach ($result as $record) {
$nodes[$record['nid']]->book = $record;
$nodes[$record['nid']]->book['href'] = $record['link_path'];
......
......@@ -605,7 +605,7 @@ function comment_nodeapi_load($nodes, $types) {
// For nodes with comments enabled, fetch information from the database.
if (!empty($comments_enabled)) {
$result = db_query('SELECT nid, last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid IN(' . db_placeholders($comments_enabled) . ')', $comments_enabled);
$result = db_query('SELECT nid, last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid IN(:comments_enabled)', array(':comments_enabled' => $comments_enabled));
foreach ($result as $record) {
$nodes[$record->nid]->last_comment_timestamp = $record->last_comment_timestamp;
$nodes[$record->nid]->last_comment_name = $record->last_comment_name;
......
......@@ -358,7 +358,7 @@ function forum_nodeapi_load($nodes, $types) {
}
}
if (!empty($node_vids)) {
$result = db_query('SELECT nid, tid FROM {forum} WHERE vid IN(' . db_placeholders($node_vids) . ')', $node_vids);
$result = db_query('SELECT nid, tid FROM {forum} WHERE vid IN(:node_vids)', array(':node_vids' => $node_vids));
foreach ($result as $record) {
$nodes[$record->nid]->forum_tid = $record->tid;
}
......
......@@ -245,7 +245,7 @@ function hook_nodeapi_insert($node) {
* An array containing the types of the nodes.
*/
function hook_nodeapi_load($nodes, $types) {
$result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN(' . db_placeholders(array_keys($nodes)) . ')', array_keys($nodes));
$result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN(:nids)', array(':nids' => array_keys($nodes)));
foreach ($result as $record) {
$nodes[$record->nid]->foo = $record->foo;
}
......@@ -693,7 +693,7 @@ function hook_insert($node) {
* For a detailed usage example, see node_example.module.
*/
function hook_load($nodes) {
$result = db_fetch_object(db_query('SELECT nid, foo FROM {mytable} WHERE nid IN (' . db_placeholders(array_keys($nodes)) . ')', array_keys($nodes)));
$result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN (:nids)', array(':nids' => array_keys($nodes)));
foreach ($result as $record) {
$nodes[$record->nid]->foo = $record->foo;
}
......
......@@ -85,7 +85,7 @@ function hook_taxonomy_vocabulary_delete($vocabulary) {
* An array of term objects, indexed by tid.
*/
function hook_taxonomy_term_load($terms) {
$result = db_query('SELECT tid, foo FROM {mytable} WHERE tid IN (' . db_placeholders(array_keys($terms)) . ')', array_keys($terms));
$result = db_query('SELECT tid, foo FROM {mytable} WHERE tid IN (:tids)', array(':tids' => array_keys($terms)));
foreach ($result as $record) {
$terms[$record->tid]->foo = $record->foo;
}
......
......@@ -489,7 +489,7 @@ function user_role_permissions($roles = array(), $reset = FALSE) {
if ($fetch) {
// Get from the database permissions that were not in the static variable.
// Only role IDs with at least one permission assigned will return rows.
$result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($fetch) . ")", $fetch);
$result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (:fetch)", array(':fetch' => $fetch));
while ($row = db_fetch_array($result)) {
$stored_permissions[$row['rid']][$row['permission']] = TRUE;
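Review bot: The loop under the converted query still reads rows with the legacy `db_fetch_array($result)`, while the book, comment and forum hunks in this commit iterate the result with `foreach ($result as $record)`. If `db_fetch_array()` is due to be retired along with `db_placeholders()` (an assumption, not shown on this page), the query could pass `array('fetch' => PDO::FETCH_ASSOC)` as book_nodeapi_load() does and the loop could become `foreach ($result as $row)`, keeping the `$row['rid']` access unchanged. block_user_form() has the same pattern with `db_fetch_object($result)`. Since this query fills `$stored_permissions`, a placeholder named for its content, e.g. `:rids` as in the block hunk, would read more clearly than `:fetch`. The loop body continues outside the hunk.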
......