author | Dries Buytaert <dries@buytaert.net> | 2009-08-10 21:00:31 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-08-10 21:00:31 +0000 |
commit | 8b11e7eb6935678e299dd4bbb1bcaa6cb4dc2b7d (patch) | |
tree | 82a94fa8815c7a4c1d14ad3d693902db02b1fc29 /includes | |
parent | 88884f89c11d27a29fe85d9debeef1f430e12f59 (diff) | |
- Patch #543948 by Damien Tournoud: remove db_type_placeholder().
Diffstat (limited to 'includes')
-rw-r--r-- | includes/database/database.inc | 44 | ||||
-rw-r--r-- | includes/database/mysql/schema.inc | 4 | ||||
-rw-r--r-- | includes/database/pgsql/schema.inc | 4 |
3 files changed, 4 insertions, 48 deletions
diff --git a/includes/database/database.inc b/includes/database/database.inc
index a093fab4b..946a495dc 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -2175,50 +2175,6 @@ function db_find_tables($table_expression) {
 return Database::getConnection()->schema()->findTables($table_expression);
 }

-/**
- * Given a Schema API field type, return the correct %-placeholder.
- *
- * Embed the placeholder in a query to be passed to db_query and and pass as an
- * argument to db_query a value of the specified type.
- *
- * @todo Remove this after all queries are converted to type-agnostic form.
- * @param $type
- * The Schema API type of a field.
- * @return
- * The placeholder string to embed in a query for that type.
- */
-function db_type_placeholder($type) {
- switch ($type) {
- case 'varchar':
- case 'char':
- case 'text':
- case 'datetime':
- return '\'%s\'';
-
- case 'numeric':
- // Numeric values are arbitrary precision numbers. Syntactically, numerics
- // should be specified directly in SQL. However, without single quotes
- // the %s placeholder does not protect against non-numeric characters such
- // as spaces which would expose us to SQL injection.
- return '%n';
-
- case 'serial':
- case 'int':
- return '%d';
-
- case 'float':
- return '%f';
-
- case 'blob':
- return '%b';
- }
-
- // There is no safe value to return here, so return something that
- // will cause the query to fail.
- return 'unsupported type ' . $type . 'for db_type_placeholder';
-}
-
-
 function _db_create_keys_sql($spec) {
 return Database::getConnection()->schema()->createKeysSql($spec);
 }
diff --git a/includes/database/mysql/schema.inc b/includes/database/mysql/schema.inc
index 827f274aa..6be46be92 100644
--- a/includes/database/mysql/schema.inc
+++ b/includes/database/mysql/schema.inc
@@ -286,8 +286,8 @@ class DatabaseSchema_mysql extends DatabaseSchema {
 $ret[] = update_sql($query);
 if (isset($spec['initial'])) {
 // All this because update_sql does not support %-placeholders.
- $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = ' . db_type_placeholder($spec['type']);
- $result = db_query($sql, $spec['initial']);
+ $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = :value';
+ $result = db_query($sql, array(':value' => $spec['initial']));
 $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql . ' (' . $spec['initial'] . ')'));
 }
 if ($fixnull) {
diff --git a/includes/database/pgsql/schema.inc b/includes/database/pgsql/schema.inc
index 4c638c92c..2d282b50b 100644
--- a/includes/database/pgsql/schema.inc
+++ b/includes/database/pgsql/schema.inc
@@ -328,8 +328,8 @@ class DatabaseSchema_pgsql extends DatabaseSchema {
 $ret[] = update_sql($query);
 if (isset($spec['initial'])) {
 // All this because update_sql does not support %-placeholders.
- $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = ' . db_type_placeholder($spec['type']);
- $result = db_query($sql, $spec['initial']);
+ $sql = 'UPDATE {' . $table . '} SET ' . $field . ' = :value';
+ $result = db_query($sql, array(':value' => $spec['initial']));
 $ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql . ' (' . $spec['initial'] . ')'));
 }
 if ($fixnull) { |
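Review bot: The comment kept above the changed lines in includes/database/mysql/schema.inc, `// All this because update_sql does not support %-placeholders.`, is stale now that the statement binds `:value`, and it hides the fact that only the value is bound while `$table` and `$field` are still concatenated into the SQL text. I would replace it with `// update_sql() takes no arguments, so bind the initial value through db_query(); $table and $field must be trusted schema identifiers.` The same applies to the identical hunk in includes/database/pgsql/schema.inc. The change also drops the per-type placeholder (`%b` for blobs, `%n` for numerics), so it is worth confirming that a plain bound `:value` still behaves correctly for blob and numeric columns on both drivers. The enclosing method starts and ends outside both hunks, so where `$table`, `$field` and `$spec` come from cannot be checked from here.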