-rw-r--r--includes/database.inc51
-rw-r--r--includes/database.mysql.inc75
-rw-r--r--includes/database.pgsql.inc75
-rw-r--r--includes/pager.inc10
-rw-r--r--modules/filter.module12
-rw-r--r--modules/filter/filter.module12
-rw-r--r--modules/search.module5
-rw-r--r--modules/search/search.module5
-rw-r--r--modules/user.module7
-rw-r--r--modules/user/user.module7
10 files changed, 94 insertions, 165 deletions
diff --git a/includes/database.inc b/includes/database.inc
index 772861149..9b6d9b647 100644
--- a/includes/database.inc
+++ b/includes/database.inc
@@ -120,10 +120,59 @@ function db_set_active($name = 'default') {
}
/**
+ * Runs a basic query in the active database.
+ *
+ * User-supplied arguments to the query should be passed in as separate parameters
+ * so that they can be properly escaped to avoid SQL injection attacks.
+ *
+ * @param $query
+ * A string containing an SQL query.
+ * @param ...
+ * A variable number of arguments which are substituted into the query using
+ * printf() syntax. Instead of a variable number of query arguments, you may
+ * also pass a single array containing the query arguments.
+ * @return
+ * A database query result resource, or FALSE if the query was not executed
+ * correctly.
+ */
+function db_query($query) {
+ $args = func_get_args();
+ $query = db_prefix_tables($query);
+ if (count($args) > 1) {
+ if (is_array($args[1])) {
+ $args = array_merge(array($query), $args[1]);
+ }
+ $args = array_map('db_escape_string', $args);
+ $args[0] = $query;
+ $query = call_user_func_array('sprintf', $args);
+ }
+ return _db_query($query);
+}
+
+/**
+ * Debugging version of db_query().
+ *
+ * Echoes the query to the browser.
+ */
+function db_queryd($query) {
+ $args = func_get_args();
+ $query = db_prefix_tables($query);
+ if (count($args) > 1) {
+ if (is_array($args[1])) {
+ $args = array_merge(array($query), $args[1]);
+ }
+ $args = array_map('db_escape_string', $args);
+ $args[0] = $query;
+ $query = call_user_func_array('sprintf', $args);
+ }
+ return _db_query($query, 1);
+}
+
+/**
* @} End of "defgroup database".
*/
// Initialize the default database.
db_set_active();
-?>
+?> \ No newline at end of file
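Review bot: The docblock on `db_query()` promises that separately passed arguments are "properly escaped", but the new body runs every argument through `db_escape_string` and then `sprintf`, so the protection holds only where the placeholder is `%d` or a `%s` wrapped in quotes in the query text. I would add to the `@param ...` text something like `String values must use a quoted '%s' placeholder and numeric values %d; an unquoted %s is not made safe by escaping.` `db_escape_string` is defined outside this hunk, so this assumes it escapes string-literal contents only. The same body is repeated in `db_queryd()`; a shared private helper that builds the final query string would keep the two copies from drifting apart.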
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index dbae5254d..6b6a16399 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -35,65 +35,6 @@ function db_connect($url) {
}
/**
- * Runs a basic query in the active database.
- *
- * User-supplied arguments to the query should be passed in as separate parameters
- * so that they can be properly escaped to avoid SQL injection attacks.
- *
- * @param $query
- * A string containing an SQL query.
- * @param ...
- * A variable number of arguments which are substituted into the query using
- * printf() syntax.
- * @return
- * A database query result resource, or FALSE if the query was not executed
- * correctly.
- */
-function db_query($query) {
- $args = func_get_args();
-
- $query = db_prefix_tables($query);
- if (count($args) > 1) {
- if(is_array($args[1])){
- $args1 = array_map('db_escape_string', $args[1]);
- $nargs = array_merge(array($query), $args1);
- }
- else {
- $nargs = array_map('db_escape_string', $args);
- $nargs[0] = $query;
- }
- return _db_query(call_user_func_array('sprintf', $nargs));
- }
- else {
- return _db_query($query);
- }
-}
-
-/**
- * Debugging version of db_query().
- *
- * Echoes the query to the browser.
- */
-function db_queryd($query) {
- $args = func_get_args();
- $query = db_prefix_tables($query);
- if (count($args) > 1) {
- if(is_array($args[1])){
- $args1 = array_map('db_escape_string', $args[1]);
- $nargs = array_merge(array($query), $args1);
- }
- else {
- $nargs = array_map('db_escape_string', $args);
- $nargs[0] = $query;
- }
- return _db_query(call_user_func_array('sprintf', $nargs), 1);
- }
- else {
- return _db_query($query, 1);
- }
-}
-
-/**
* Helper function for db_query().
*/
function _db_query($query, $debug = 0) {
@@ -234,7 +175,8 @@ function db_affected_rows() {
* A string containing an SQL query.
* @param ...
* A variable number of arguments which are substituted into the query using
- * printf() syntax.
+ * printf() syntax. Instead of a variable number of query arguments, you may
+ * also pass a single array containing the query arguments.
* @param $from
* The first result row to return.
* @param $count
@@ -247,16 +189,17 @@ function db_query_range($query) {
$args = func_get_args();
$count = array_pop($args);
$from = array_pop($args);
+
+ $query = db_prefix_tables($query);
if (count(func_get_args()) > 3) {
+ // Check for array (alternative syntax).
+ if (is_array($args[1])) {
+ $args = array_merge(array($query), $args[1]);
+ }
$args = array_map('db_escape_string', $args);
- $query = db_prefix_tables($query);
$args[0] = $query;
$query = call_user_func_array('sprintf', $args);
}
- else {
- $query = func_get_arg(0);
- $query = db_prefix_tables($query);
- }
$query .= ' LIMIT '. $from .', '. $count;
return _db_query($query);
}
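Review bot: `$from` and `$count` are popped off the argument list and concatenated into the `LIMIT` clause without passing through `db_escape_string` or any numeric cast, so the function relies on every caller to pass integers. Casting at the point of use closes that gap: `$query .= ' LIMIT '. (int)$from .', '. (int)$count;`. The matching hunk in includes/database.pgsql.inc has the same pattern in its `' LIMIT '. $count .' OFFSET '. $from` line. The function's docblock and signature lie above this hunk.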
@@ -296,4 +239,4 @@ function db_escape_string($text) {
* @} End of "ingroup database".
*/
-?>
+?> \ No newline at end of file
diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc
index 2d5399018..a5c11cedd 100644
--- a/includes/database.pgsql.inc
+++ b/includes/database.pgsql.inc
@@ -31,65 +31,6 @@ function db_connect($url) {
}
/**
- * Runs a basic query in the active database.
- *
- * User-supplied arguments to the query should be passed in as separate parameters
- * so that they can be properly escaped to avoid SQL injection attacks.
- *
- * @param $query
- * A string containing an SQL query.
- * @param ...
- * A variable number of arguments which are substituted into the query using
- * printf() syntax.
- * @return
- * A database query result resource, or FALSE if the query was not executed
- * correctly.
- */
-function db_query($query) {
- $args = func_get_args();
-
- $query = db_prefix_tables($query);
- if (count($args) > 1) {
- if(is_array($args[1])){
- $args1 = array_map('db_escape_string', $args[1]);
- $nargs = array_merge(array($query), $args1);
- }
- else {
- $nargs = array_map('db_escape_string', $args);
- $nargs[0] = $query;
- }
- return _db_query(call_user_func_array('sprintf', $nargs));
- }
- else {
- return _db_query($query);
- }
-}
-
-/**
- * Debugging version of db_query().
- *
- * Echoes the query to the browser.
- */
-function db_queryd($query) {
- $args = func_get_args();
- $query = db_prefix_tables($query);
- if (count($args) > 1) {
- if(is_array($args[1])){
- $args1 = array_map('db_escape_string', $args[1]);
- $nargs = array_merge(array($query), $args1);
- }
- else {
- $nargs = array_map('db_escape_string', $args);
- $nargs[0] = $query;
- }
- return _db_query(call_user_func_array('sprintf', $nargs), 1);
- }
- else {
- return _db_query($query, 1);
- }
-}
-
-/**
* Helper function for db_query().
*/
function _db_query($query, $debug = 0) {
@@ -228,7 +169,8 @@ function db_affected_rows() {
* A string containing an SQL query.
* @param ...
* A variable number of arguments which are substituted into the query using
- * printf() syntax.
+ * printf() syntax. Instead of a variable number of query arguments, you may
+ * also pass a single array containing the query arguments.
* @param $from
* The first result row to return.
* @param $count
@@ -241,16 +183,17 @@ function db_query_range($query) {
$args = func_get_args();
$count = array_pop($args);
$from = array_pop($args);
+
+ $query = db_prefix_tables($query);
if (count(func_get_args()) > 3) {
+ // Check for array (alternative syntax).
+ if (is_array($args[1])) {
+ $args = array_merge(array($query), $args[1]);
+ }
$args = array_map('db_escape_string', $args);
- $query = db_prefix_tables($query);
$args[0] = $query;
$query = call_user_func_array('sprintf', $args);
}
- else {
- $query = func_get_arg(0);
- $query = db_prefix_tables($query);
- }
$query .= ' LIMIT '. $count .' OFFSET '. $from;
return _db_query($query);
}
@@ -291,4 +234,4 @@ function db_escape_string($text) {
* @} End of "ingroup database".
*/
-?>
+?> \ No newline at end of file
diff --git a/includes/pager.inc b/includes/pager.inc
index 279dd3d61..855a913a5 100644
--- a/includes/pager.inc
+++ b/includes/pager.inc
@@ -39,7 +39,9 @@
* An SQL query used to count matching records.
* @param ...
* A variable number of arguments which are substituted into the query (and
- * also the count query) using printf() syntax.
+ * the count query) using printf() syntax. Instead of a variable number of
+ * query arguments, you may also pass a single array containing the query
+ * arguments.
* @return
* A database query result resource, or FALSE if the query was not executed
* correctly.
@@ -58,12 +60,12 @@ function pager_query($query, $limit = 10, $element = 0, $count_query = NULL) {
if (!isset($count_query)) {
$count_query = preg_replace(array('/SELECT.*?FROM/As', '/ORDER BY .*/'), array('SELECT COUNT(*) FROM', ''), $query);
}
- $pager_total[$element] = db_result(call_user_func_array('db_query', array_merge(array($count_query), $args)));
+ $pager_total[$element] = db_result(db_query($count_query, $args));
// Convert comma-separated $from to an array, used by other functions.
$pager_from_array = explode(',', $from);
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
}
/**
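Review bot: Passing `$args` as one array means `db_query()` always sees two arguments, so its `count($args) > 1` branch runs `sprintf` on the count query even when `$args` is empty; the removed `call_user_func_array` form called `db_query` with the query alone in that case. A query with a literal `%` and no arguments would then be treated as a format string; if that case should stay supported, keep the old behaviour with `$pager_total[$element] = db_result($args ? db_query($count_query, $args) : db_query($count_query));`. `$args` is built above this hunk, so whether it can be empty here is inferred. The same consideration applies to the `db_query_range` call at the end of the function.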
@@ -369,4 +371,4 @@ function pager_load_array($value, $element, $old_array) {
return $new_array;
}
-?>
+?> \ No newline at end of file
diff --git a/modules/filter.module b/modules/filter.module
index 96287c911..cc4ccfbcf 100644
--- a/modules/filter.module
+++ b/modules/filter.module
@@ -467,20 +467,20 @@ function filter_formats() {
if (!isset($formats)) {
$formats = array();
- $query = array('SELECT * FROM {filter_formats}');
+ $query = 'SELECT * FROM {filter_formats}';
// Build query for selecting the format(s) based on the user's roles.
if (!$all) {
$where = array();
foreach ($user->roles as $rid => $role) {
$where[] = "roles LIKE '%%,%d,%%'";
- $query[] = $rid;
+ $args[] = $rid;
}
- $query[0] .= ' WHERE '. implode(' OR ', $where) . ' OR format = %d';
- $query[] = variable_get('filter_default_format', 1);
+ $query .= ' WHERE '. implode(' OR ', $where) . ' OR format = %d';
+ $args[] = variable_get('filter_default_format', 1);
}
- $result = call_user_func_array('db_query', $query);
+ $result = db_query($query, $args);
while ($format = db_fetch_object($result)) {
$formats[$format->format] = $format;
}
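Review bot: `$args` is first written inside the `if (!$all)` block, so when `$all` is true `db_query($query, $args)` receives a variable that is not assigned anywhere in the visible lines. Initialising it beside the other accumulator, `$args = array();` after `$formats = array();`, makes the call well defined on both paths. The start of `filter_formats()` is outside the hunk, so an earlier assignment cannot be ruled out. modules/filter/filter.module carries the identical hunk.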
@@ -867,4 +867,4 @@ function _filter_autop($text) {
* @} End of "Standard filters".
*/
-?>
+?> \ No newline at end of file
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 96287c911..cc4ccfbcf 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -467,20 +467,20 @@ function filter_formats() {
if (!isset($formats)) {
$formats = array();
- $query = array('SELECT * FROM {filter_formats}');
+ $query = 'SELECT * FROM {filter_formats}';
// Build query for selecting the format(s) based on the user's roles.
if (!$all) {
$where = array();
foreach ($user->roles as $rid => $role) {
$where[] = "roles LIKE '%%,%d,%%'";
- $query[] = $rid;
+ $args[] = $rid;
}
- $query[0] .= ' WHERE '. implode(' OR ', $where) . ' OR format = %d';
- $query[] = variable_get('filter_default_format', 1);
+ $query .= ' WHERE '. implode(' OR ', $where) . ' OR format = %d';
+ $args[] = variable_get('filter_default_format', 1);
}
- $result = call_user_func_array('db_query', $query);
+ $result = db_query($query, $args);
while ($format = db_fetch_object($result)) {
$formats[$format->format] = $format;
}
@@ -867,4 +867,4 @@ function _filter_autop($text) {
* @} End of "Standard filters".
*/
-?>
+?> \ No newline at end of file
diff --git a/modules/search.module b/modules/search.module
index 69714827d..7e02865d2 100644
--- a/modules/search.module
+++ b/modules/search.module
@@ -454,8 +454,7 @@ function do_search($keys, $type, $join = '', $where = '1') {
// Do pager query
$query = "SELECT i.type, i.sid, i.word, SUM(i.score/t.count) AS score FROM {search_index} i $join INNER JOIN {search_total} t ON i.word = t.word WHERE $where GROUP BY i.type, i.sid ORDER BY score DESC";
- $arguments = array_merge(array($query, 15, 0, $count_query), $arguments);
- $result = call_user_func_array('pager_query', $arguments);
+ $result = pager_query($query, 15, 0, $count_query, $arguments);
$results = array();
while ($item = db_fetch_object($result)) {
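Review bot: `$arguments` now reaches `pager_query()` as a single fifth parameter, but the pager.inc hunks in this commit only forward `$args` to `db_query()` and `db_query_range()` and show no step that unwraps a lone array. If `$args` there is the list of trailing parameters, it becomes an array containing `$arguments`, and `db_query()`'s `array_map('db_escape_string', ...)` would be applied to an array element rather than to the individual values. It is worth confirming that `pager_query()` does something like `if (is_array($args[0])) { $args = $args[0]; }` before this call site depends on it. `$arguments` and `$count_query` are built above the hunk; modules/search/search.module has the identical change.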
@@ -754,4 +753,4 @@ function theme_search_item($item, $type) {
}
-?>
+?> \ No newline at end of file
diff --git a/modules/search/search.module b/modules/search/search.module
index 69714827d..7e02865d2 100644
--- a/modules/search/search.module
+++ b/modules/search/search.module
@@ -454,8 +454,7 @@ function do_search($keys, $type, $join = '', $where = '1') {
// Do pager query
$query = "SELECT i.type, i.sid, i.word, SUM(i.score/t.count) AS score FROM {search_index} i $join INNER JOIN {search_total} t ON i.word = t.word WHERE $where GROUP BY i.type, i.sid ORDER BY score DESC";
- $arguments = array_merge(array($query, 15, 0, $count_query), $arguments);
- $result = call_user_func_array('pager_query', $arguments);
+ $result = pager_query($query, 15, 0, $count_query, $arguments);
$results = array();
while ($item = db_fetch_object($result)) {
@@ -754,4 +753,4 @@ function theme_search_item($item, $type) {
}
-?>
+?> \ No newline at end of file
diff --git a/modules/user.module b/modules/user.module
index 54364b3ed..cabb5b773 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -61,10 +61,7 @@ function user_load($array = array()) {
$params[] = strtolower($value);
}
}
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
if (db_num_rows($result)) {
$user = db_fetch_object($result);
@@ -1737,4 +1734,4 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
return $output;
}
-?>
+?> \ No newline at end of file
diff --git a/modules/user/user.module b/modules/user/user.module
index 54364b3ed..cabb5b773 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -61,10 +61,7 @@ function user_load($array = array()) {
$params[] = strtolower($value);
}
}
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
if (db_num_rows($result)) {
$user = db_fetch_object($result);
@@ -1737,4 +1734,4 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
return $output;
}
-?>
+?> \ No newline at end of file