diff options
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/database.inc | 51 | ||||
| -rw-r--r-- | includes/database.mysql.inc | 75 | ||||
| -rw-r--r-- | includes/database.pgsql.inc | 75 | ||||
| -rw-r--r-- | includes/pager.inc | 10 |
4 files changed, 74 insertions, 137 deletions
diff --git a/includes/database.inc b/includes/database.inc index 772861149..9b6d9b647 100644 --- a/includes/database.inc +++ b/includes/database.inc @@ -120,10 +120,59 @@ function db_set_active($name = 'default') { } /** + * Runs a basic query in the active database. + * + * User-supplied arguments to the query should be passed in as separate parameters + * so that they can be properly escaped to avoid SQL injection attacks. + * + * @param $query + * A string containing an SQL query. + * @param ... + * A variable number of arguments which are substituted into the query using + * printf() syntax. Instead of a variable number of query arguments, you may + * also pass a single array containing the query arguments. + * @return + * A database query result resource, or FALSE if the query was not executed + * correctly. + */ +function db_query($query) { + $args = func_get_args(); + $query = db_prefix_tables($query); + if (count($args) > 1) { + if (is_array($args[1])) { + $args = array_merge(array($query), $args[1]); + } + $args = array_map('db_escape_string', $args); + $args[0] = $query; + $query = call_user_func_array('sprintf', $args); + } + return _db_query($query); +} + +/** + * Debugging version of db_query(). + * + * Echoes the query to the browser. + */ +function db_queryd($query) { + $args = func_get_args(); + $query = db_prefix_tables($query); + if (count($args) > 1) { + if (is_array($args[1])) { + $args = array_merge(array($query), $args[1]); + } + $args = array_map('db_escape_string', $args); + $args[0] = $query; + $query = call_user_func_array('sprintf', $args); + } + return _db_query($query, 1); +} + +/** * @} End of "defgroup database". */ // Initialize the default database. db_set_active(); -?> +?>
\ No newline at end of file diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc index dbae5254d..6b6a16399 100644 --- a/includes/database.mysql.inc +++ b/includes/database.mysql.inc @@ -35,65 +35,6 @@ function db_connect($url) { } /** - * Runs a basic query in the active database. - * - * User-supplied arguments to the query should be passed in as separate parameters - * so that they can be properly escaped to avoid SQL injection attacks. - * - * @param $query - * A string containing an SQL query. - * @param ... - * A variable number of arguments which are substituted into the query using - * printf() syntax. - * @return - * A database query result resource, or FALSE if the query was not executed - * correctly. - */ -function db_query($query) { - $args = func_get_args(); - - $query = db_prefix_tables($query); - if (count($args) > 1) { - if(is_array($args[1])){ - $args1 = array_map('db_escape_string', $args[1]); - $nargs = array_merge(array($query), $args1); - } - else { - $nargs = array_map('db_escape_string', $args); - $nargs[0] = $query; - } - return _db_query(call_user_func_array('sprintf', $nargs)); - } - else { - return _db_query($query); - } -} - -/** - * Debugging version of db_query(). - * - * Echoes the query to the browser. - */ -function db_queryd($query) { - $args = func_get_args(); - $query = db_prefix_tables($query); - if (count($args) > 1) { - if(is_array($args[1])){ - $args1 = array_map('db_escape_string', $args[1]); - $nargs = array_merge(array($query), $args1); - } - else { - $nargs = array_map('db_escape_string', $args); - $nargs[0] = $query; - } - return _db_query(call_user_func_array('sprintf', $nargs), 1); - } - else { - return _db_query($query, 1); - } -} - -/** * Helper function for db_query(). */ function _db_query($query, $debug = 0) { @@ -234,7 +175,8 @@ function db_affected_rows() { * A string containing an SQL query. * @param ... * A variable number of arguments which are substituted into the query using - * printf() syntax. + * printf() syntax. Instead of a variable number of query arguments, you may + * also pass a single array containing the query arguments. * @param $from * The first result row to return. * @param $count @@ -247,16 +189,17 @@ function db_query_range($query) { $args = func_get_args(); $count = array_pop($args); $from = array_pop($args); + + $query = db_prefix_tables($query); if (count(func_get_args()) > 3) { + // Check for array (alternative syntax). + if (is_array($args[1])) { + $args = array_merge(array($query), $args[1]); + } $args = array_map('db_escape_string', $args); - $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); } - else { - $query = func_get_arg(0); - $query = db_prefix_tables($query); - } $query .= ' LIMIT '. $from .', '. $count; return _db_query($query); } @@ -296,4 +239,4 @@ function db_escape_string($text) { * @} End of "ingroup database". */ -?> +?>
\ No newline at end of file diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc index 2d5399018..a5c11cedd 100644 --- a/includes/database.pgsql.inc +++ b/includes/database.pgsql.inc @@ -31,65 +31,6 @@ function db_connect($url) { } /** - * Runs a basic query in the active database. - * - * User-supplied arguments to the query should be passed in as separate parameters - * so that they can be properly escaped to avoid SQL injection attacks. - * - * @param $query - * A string containing an SQL query. - * @param ... - * A variable number of arguments which are substituted into the query using - * printf() syntax. - * @return - * A database query result resource, or FALSE if the query was not executed - * correctly. - */ -function db_query($query) { - $args = func_get_args(); - - $query = db_prefix_tables($query); - if (count($args) > 1) { - if(is_array($args[1])){ - $args1 = array_map('db_escape_string', $args[1]); - $nargs = array_merge(array($query), $args1); - } - else { - $nargs = array_map('db_escape_string', $args); - $nargs[0] = $query; - } - return _db_query(call_user_func_array('sprintf', $nargs)); - } - else { - return _db_query($query); - } -} - -/** - * Debugging version of db_query(). - * - * Echoes the query to the browser. - */ -function db_queryd($query) { - $args = func_get_args(); - $query = db_prefix_tables($query); - if (count($args) > 1) { - if(is_array($args[1])){ - $args1 = array_map('db_escape_string', $args[1]); - $nargs = array_merge(array($query), $args1); - } - else { - $nargs = array_map('db_escape_string', $args); - $nargs[0] = $query; - } - return _db_query(call_user_func_array('sprintf', $nargs), 1); - } - else { - return _db_query($query, 1); - } -} - -/** * Helper function for db_query(). */ function _db_query($query, $debug = 0) { @@ -228,7 +169,8 @@ function db_affected_rows() { * A string containing an SQL query. * @param ... * A variable number of arguments which are substituted into the query using - * printf() syntax. + * printf() syntax. Instead of a variable number of query arguments, you may + * also pass a single array containing the query arguments. * @param $from * The first result row to return. * @param $count @@ -241,16 +183,17 @@ function db_query_range($query) { $args = func_get_args(); $count = array_pop($args); $from = array_pop($args); + + $query = db_prefix_tables($query); if (count(func_get_args()) > 3) { + // Check for array (alternative syntax). + if (is_array($args[1])) { + $args = array_merge(array($query), $args[1]); + } $args = array_map('db_escape_string', $args); - $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); } - else { - $query = func_get_arg(0); - $query = db_prefix_tables($query); - } $query .= ' LIMIT '. $count .' OFFSET '. $from; return _db_query($query); } @@ -291,4 +234,4 @@ function db_escape_string($text) { * @} End of "ingroup database". */ -?> +?>
\ No newline at end of file diff --git a/includes/pager.inc b/includes/pager.inc index 279dd3d61..855a913a5 100644 --- a/includes/pager.inc +++ b/includes/pager.inc @@ -39,7 +39,9 @@ * An SQL query used to count matching records. * @param ... * A variable number of arguments which are substituted into the query (and - * also the count query) using printf() syntax. + * the count query) using printf() syntax. Instead of a variable number of + * query arguments, you may also pass a single array containing the query + * arguments. * @return * A database query result resource, or FALSE if the query was not executed * correctly. @@ -58,12 +60,12 @@ function pager_query($query, $limit = 10, $element = 0, $count_query = NULL) { if (!isset($count_query)) { $count_query = preg_replace(array('/SELECT.*?FROM/As', '/ORDER BY .*/'), array('SELECT COUNT(*) FROM', ''), $query); } - $pager_total[$element] = db_result(call_user_func_array('db_query', array_merge(array($count_query), $args))); + $pager_total[$element] = db_result(db_query($count_query, $args)); // Convert comma-separated $from to an array, used by other functions. $pager_from_array = explode(',', $from); - return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit))); + return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit); } /** @@ -369,4 +371,4 @@ function pager_load_array($value, $element, $old_array) { return $new_array; } -?> +?>
\ No newline at end of file |