Diffstat (limited to 'includes/database.inc')
-rw-r--r--includes/database.inc51
1 files changed, 50 insertions, 1 deletions
diff --git a/includes/database.inc b/includes/database.inc
index 772861149..9b6d9b647 100644
--- a/includes/database.inc
+++ b/includes/database.inc
@@ -120,10 +120,59 @@ function db_set_active($name = 'default') {
}
/**
+ * Runs a basic query in the active database.
+ *
+ * User-supplied arguments to the query should be passed in as separate parameters
+ * so that they can be properly escaped to avoid SQL injection attacks.
+ *
+ * @param $query
+ * A string containing an SQL query.
+ * @param ...
+ * A variable number of arguments which are substituted into the query using
+ * printf() syntax. Instead of a variable number of query arguments, you may
+ * also pass a single array containing the query arguments.
+ * @return
+ * A database query result resource, or FALSE if the query was not executed
+ * correctly.
+ */
+function db_query($query) {
+ $args = func_get_args();
+ $query = db_prefix_tables($query);
+ if (count($args) > 1) {
+ if (is_array($args[1])) {
+ $args = array_merge(array($query), $args[1]);
+ }
+ $args = array_map('db_escape_string', $args);
+ $args[0] = $query;
+ $query = call_user_func_array('sprintf', $args);
+ }
+ return _db_query($query);
+}
+
+/**
+ * Debugging version of db_query().
+ *
+ * Echoes the query to the browser.
+ */
+function db_queryd($query) {
+ $args = func_get_args();
+ $query = db_prefix_tables($query);
+ if (count($args) > 1) {
+ if (is_array($args[1])) {
+ $args = array_merge(array($query), $args[1]);
+ }
+ $args = array_map('db_escape_string', $args);
+ $args[0] = $query;
+ $query = call_user_func_array('sprintf', $args);
+ }
+ return _db_query($query, 1);
+}
+
+/**
* @} End of "defgroup database".
*/
// Initialize the default database.
db_set_active();
-?>
+?>
\ No newline at end of file
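Review bot: The escaping in db_query(), and in the copy in db_queryd(), only protects a `%s` placeholder that sits inside a quoted SQL string literal; `array_map('db_escape_string', $args)` followed by `sprintf` does nothing for a bare `%s` in a numeric or other unquoted position. The docblock promises that arguments are "properly escaped", so it should state the contract, for example `Write '%s' inside single quotes for strings and %d for integers; never use %s outside quotes.` It should also say that a literal percent sign, as in a LIKE pattern, must be written `%%` when arguments are passed but not otherwise, because `sprintf` runs only when `count($args) > 1`. db_queryd() repeats the same substitution lines, so a shared helper that builds the final query string would keep the two functions from drifting apart.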