diff options
author | Dries Buytaert <dries@buytaert.net> | 2005-11-27 11:52:08 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2005-11-27 11:52:08 +0000 |
commit | 244945365da5153bdcddc2b279319c5ff88f74e6 (patch) | |
tree | c6698813be129dd4b3f27431bd0f7bec3cbb57de /includes/database.mysql.inc | |
parent | 8784a7d13aaa8b768a027069aab6d07cea0f3cb3 (diff) | |
download | brdo-244945365da5153bdcddc2b279319c5ff88f74e6.tar.gz brdo-244945365da5153bdcddc2b279319c5ff88f74e6.tar.bz2 |
- Patch #10407 by Cvbge: fixed cache problems with PostgreSQL.
Diffstat (limited to 'includes/database.mysql.inc')
-rw-r--r-- | includes/database.mysql.inc | 58 |
1 files changed, 34 insertions, 24 deletions
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc index 8f96dc3bb..ed02fa886 100644 --- a/includes/database.mysql.inc +++ b/includes/database.mysql.inc @@ -214,12 +214,23 @@ function db_affected_rows() { * User-supplied arguments to the query should be passed in as separate parameters * so that they can be properly escaped to avoid SQL injection attacks. * + * Note that if you need to know how many results were returned, you should do + * a SELECT COUNT(*) on the temporary table afterwards. db_num_rows() and + * db_affected_rows() do not give consistent result across different database + * types in this case. + * * @param $query * A string containing an SQL query. * @param ... - * A variable number of arguments which are substituted into the query using - * printf() syntax. Instead of a variable number of query arguments, you may - * also pass a single array containing the query arguments. + * A variable number of arguments which are substituted into the query + * using printf() syntax. The query arguments can be enclosed in one + * array instead. + * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose + * in '') and %%. + * + * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, + * and TRUE values to decimal 1. + * * @param $from * The first result row to return. * @param $count @@ -232,17 +243,14 @@ function db_query_range($query) { $args = func_get_args(); $count = array_pop($args); $from = array_pop($args); + array_shift($args); $query = db_prefix_tables($query); - if (count($args) > 1) { - // Check for array (alternative syntax). - if (is_array($args[1])) { - $args = array_merge(array($query), $args[1]); - } - $args = array_map('db_escape_string', $args); - $args[0] = $query; - $query = call_user_func_array('sprintf', $args); + if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax + $args = $args[0]; } + _db_query_callback($args, TRUE); + $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); $query .= ' LIMIT '. $from .', '. $count; return _db_query($query); } @@ -264,9 +272,15 @@ function db_query_range($query) { * @param $query * A string containing a normal SELECT SQL query. * @param ... - * A variable number of arguments which are substituted into the query using - * printf() syntax. Instead of a variable number of query arguments, you may - * also pass a single array containing the query arguments. + * A variable number of arguments which are substituted into the query + * using printf() syntax. The query arguments can be enclosed in one + * array instead. + * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose + * in '') and %%. + * + * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, + * and TRUE values to decimal 1. + * * @param $table * The name of the temporary table to select into. This name will not be * prefixed as there is no risk of collision. @@ -277,17 +291,14 @@ function db_query_range($query) { function db_query_temporary($query) { $args = func_get_args(); $tablename = array_pop($args); + array_shift($args); $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query)); - if (count($args) > 1) { - // Check for array (alternative syntax). - if (is_array($args[1])) { - $args = array_merge(array($query), $args[1]); - } - $args = array_map('db_escape_string', $args); - $args[0] = $query; - $query = call_user_func_array('sprintf', $args); + if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax + $args = $args[0]; } + _db_query_callback($args, TRUE); + $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); return _db_query($query); } @@ -300,7 +311,7 @@ function db_query_temporary($query) { * Encoded data. */ function db_encode_blob($data) { - return $data; + return "'". mysql_real_escape_string($data) ."'"; } /** @@ -336,7 +347,6 @@ function db_unlock_tables() { db_query('UNLOCK TABLES'); } - /** * @} End of "ingroup database". */ |