From a04728577f34b98936c53799ccf1f2aaf7f3ff03 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Mon, 29 Dec 2008 16:03:57 +0000
Subject: [PATCH] - Patch #352054 by catch: convert calls to db_placeholders()
 in static queries.

---
 modules/block/block.module        | 2 +-
 modules/book/book.module          | 2 +-
 modules/comment/comment.module    | 2 +-
 modules/forum/forum.module        | 2 +-
 modules/node/node.api.php         | 4 ++--
 modules/taxonomy/taxonomy.api.php | 2 +-
 modules/user/user.module          | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/block/block.module b/modules/block/block.module
index ed9c8c089d74..f69e72220fea 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -353,7 +353,7 @@ function block_box_save($edit, $delta) {
 function block_user_form(&$edit, &$account, $category = NULL) {
   if ($category == 'account') {
     $rids = array_keys($account->roles);
-    $result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (" . db_placeholders($rids) . ") OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids);
+    $result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (:rids) OR r.rid IS NULL) ORDER BY b.weight, b.module", array(':rids' => $rids));
     $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
     while ($block = db_fetch_object($result)) {
       $data = module_invoke($block->module, 'block_list');
diff --git a/modules/book/book.module b/modules/book/book.module
index 38a10a84e9ad..64f02c450b28 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -723,7 +723,7 @@ function book_build_active_trail($book_link) {
  * Implementation of hook_nodeapi_load().
  */
 function book_nodeapi_load($nodes, $types) {
-  $result = db_query("SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid IN (" . db_placeholders(array_keys($nodes)) . ")",  array_keys($nodes), array('fetch' => PDO::FETCH_ASSOC));
+  $result = db_query("SELECT * FROM {book} b INNER JOIN {menu_links} ml ON b.mlid = ml.mlid WHERE b.nid IN (:nids)", array(':nids' =>  array_keys($nodes)), array('fetch' => PDO::FETCH_ASSOC));
   foreach ($result as $record) {
     $nodes[$record['nid']]->book = $record;
     $nodes[$record['nid']]->book['href'] = $record['link_path'];
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 4f47d9657ae5..aa27ea65103c 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -605,7 +605,7 @@ function comment_nodeapi_load($nodes, $types) {
 
   // For nodes with comments enabled, fetch information from the database.
   if (!empty($comments_enabled)) {
-    $result = db_query('SELECT nid, last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid IN(' . db_placeholders($comments_enabled) . ')', $comments_enabled);
+    $result = db_query('SELECT nid, last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid IN(:comments_enabled)', array(':comments_enabled' => $comments_enabled));
     foreach ($result as $record) {
       $nodes[$record->nid]->last_comment_timestamp = $record->last_comment_timestamp;
       $nodes[$record->nid]->last_comment_name = $record->last_comment_name;
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index b70e528159ef..d652eeff8114 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -358,7 +358,7 @@ function forum_nodeapi_load($nodes, $types) {
     }
   }
   if (!empty($node_vids)) {
-    $result = db_query('SELECT nid, tid FROM {forum} WHERE vid IN(' . db_placeholders($node_vids) . ')', $node_vids);
+    $result = db_query('SELECT nid, tid FROM {forum} WHERE vid IN(:node_vids)', array(':node_vids' => $node_vids));
     foreach ($result as $record) {
       $nodes[$record->nid]->forum_tid = $record->tid;
     }
diff --git a/modules/node/node.api.php b/modules/node/node.api.php
index 2c8f43387a98..e29d3aeabf8a 100644
--- a/modules/node/node.api.php
+++ b/modules/node/node.api.php
@@ -245,7 +245,7 @@ function hook_nodeapi_insert($node) {
  *   An array containing the types of the nodes.
  */
 function hook_nodeapi_load($nodes, $types) {
-  $result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN(' . db_placeholders(array_keys($nodes)) . ')', array_keys($nodes));
+  $result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN(:nids)', array(':nids' => array_keys($nodes)));
   foreach ($result as $record) {
     $nodes[$record->nid]->foo = $record->foo;
   }
@@ -693,7 +693,7 @@ function hook_insert($node) {
  * For a detailed usage example, see node_example.module.
  */
 function hook_load($nodes) {
-  $result = db_fetch_object(db_query('SELECT nid, foo FROM {mytable} WHERE nid IN (' . db_placeholders(array_keys($nodes)) . ')', array_keys($nodes)));
+  $result = db_query('SELECT nid, foo FROM {mytable} WHERE nid IN (:nids)', array(':nids' => array_keys($nodes)));
   foreach ($result as $record) {
     $nodes[$record->nid]->foo = $record->foo;
   }
diff --git a/modules/taxonomy/taxonomy.api.php b/modules/taxonomy/taxonomy.api.php
index fd6d2bcd7b30..617204d8a4fb 100644
--- a/modules/taxonomy/taxonomy.api.php
+++ b/modules/taxonomy/taxonomy.api.php
@@ -85,7 +85,7 @@ function hook_taxonomy_vocabulary_delete($vocabulary) {
  *   An array of term objects, indexed by tid.
  */
 function hook_taxonomy_term_load($terms) {
-  $result = db_query('SELECT tid, foo FROM {mytable} WHERE tid IN (' . db_placeholders(array_keys($terms)) . ')', array_keys($terms));
+  $result = db_query('SELECT tid, foo FROM {mytable} WHERE tid IN (:tids)', array(':tids' => array_keys($terms)));
   foreach ($result as $record) {
     $terms[$record->tid]->foo = $record->foo;
   }
diff --git a/modules/user/user.module b/modules/user/user.module
index f97811cc1faa..6282d35c551f 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -489,7 +489,7 @@ function user_role_permissions($roles = array(), $reset = FALSE) {
     if ($fetch) {
       // Get from the database permissions that were not in the static variable.
       // Only role IDs with at least one permission assigned will return rows.
-      $result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($fetch) . ")", $fetch);
+      $result = db_query("SELECT r.rid, p.permission FROM {role} r INNER JOIN {role_permission} p ON p.rid = r.rid WHERE r.rid IN (:fetch)", array(':fetch' => $fetch));
 
       while ($row = db_fetch_array($result)) {
         $stored_permissions[$row['rid']][$row['permission']] = TRUE;
-- 
GitLab