2001-03-10 11:07:52 +00:00
< ? php
2003-07-10 17:46:44 +00:00
// $Id$
2004-07-14 19:15:25 +00:00
/**
* @ file
* Wrapper for database interface code .
*/
/**
* @ defgroup database Database abstraction layer
* @ {
2004-09-09 05:51:08 +00:00
* Allow the use of different database servers using the same code base .
2004-07-14 19:15:25 +00:00
*
* Drupal provides a slim database abstraction layer to provide developers with
* the ability to support multiple database servers easily . The intent of this
* layer is to preserve the syntax and power of SQL as much as possible , while
* letting Drupal control the pieces of queries that need to be written
* differently for different servers and provide basic security checks .
*
* Most Drupal database queries are performed by a call to db_query () or
* db_query_range () . Module authors should also consider using pager_query () for
* queries that return results that need to be presented on multiple pages , and
* tablesort_sql () for generating appropriate queries for sortable tables .
*
* For example , one might wish to return a list of the most recent 10 nodes
* authored by a given user . Instead of directly issuing the SQL query
* @ code
* SELECT n . title , n . body , n . created FROM node n WHERE n . uid = $uid LIMIT 0 , 10 ;
* @ endcode
* one would instead call the Drupal functions :
* @ code
* $result = db_query_range ( ' SELECT n . title , n . body , n . created
* FROM { node } n WHERE n . uid = % d ' , $uid , 0 , 10 );
* while ( $node = db_fetch_object ( $result )) {
* // Perform operations on $node->body, etc. here.
* }
* @ endcode
* Curly braces are used around " node " to provide table prefixing via
* db_prefix_tables () . The explicit use of a user ID is pulled out into an
* argument passed to db_query () so that SQL injection attacks from user input
* can be caught and nullified . The LIMIT syntax varies between database servers ,
* so that is abstracted into db_query_range () arguments . Finally , note the
* common pattern of iterating over the result set using db_fetch_object () .
*/
/**
* Append a database prefix to all tables in a query .
*
* Queries sent to Drupal should wrap all table names in curly brackets . This
* function searches for this syntax and adds Drupal ' s table prefix to all
* tables , allowing Drupal to coexist with other systems in the same database if
* necessary .
*
* @ param $sql
* A string containing a partial or entire SQL query .
* @ return
* The properly - prefixed string .
*/
2003-07-10 17:46:44 +00:00
function db_prefix_tables ( $sql ) {
global $db_prefix ;
2003-08-26 06:44:37 +00:00
if ( is_array ( $db_prefix )) {
2005-04-08 14:24:03 +00:00
if ( array_key_exists ( 'default' , $db_prefix )) {
$tmp = $db_prefix ;
unset ( $tmp [ 'default' ]);
foreach ( $tmp as $key => $val ) {
2004-07-14 19:15:25 +00:00
$sql = strtr ( $sql , array ( '{' . $key . '}' => $val . $key ));
2003-08-26 06:44:37 +00:00
}
2005-04-08 14:24:03 +00:00
return strtr ( $sql , array ( '{' => $db_prefix [ 'default' ], '}' => '' ));
}
else {
foreach ( $db_prefix as $key => $val ) {
$sql = strtr ( $sql , array ( '{' . $key . '}' => $val . $key ));
}
return strtr ( $sql , array ( '{' => '' , '}' => '' ));
2003-08-26 06:44:37 +00:00
}
}
else {
2005-04-08 14:24:03 +00:00
return strtr ( $sql , array ( '{' => $db_prefix , '}' => '' ));
2003-08-26 06:44:37 +00:00
}
2003-07-10 17:46:44 +00:00
}
2000-06-11 13:28:26 +00:00
2004-04-30 05:12:46 +00:00
/**
2004-07-14 19:15:25 +00:00
* Activate a database for future queries .
*
* If it is necessary to use external databases in a project , this function can
* be used to change where database queries are sent . If the database has not
* yet been used , it is initialized using the URL specified for that name in
* Drupal ' s configuration file . If this name is not defined , a duplicate of the
* default connection is made instead .
*
* Be sure to change the connection back to the default when done with custom
* code .
*
* @ param $name
* The name assigned to the newly active database connection . If omitted , the
* default connection will be made active .
2006-03-26 14:11:38 +00:00
*
2006-03-26 14:46:51 +00:00
* @ return the name of the previously active database or FALSE if non was found .
2004-07-14 19:15:25 +00:00
*/
2004-04-30 05:12:46 +00:00
function db_set_active ( $name = 'default' ) {
2004-05-06 20:25:48 +00:00
global $db_url , $db_type , $active_db ;
2004-04-30 05:12:46 +00:00
static $db_conns ;
if ( ! isset ( $db_conns [ $name ])) {
2004-07-14 19:15:25 +00:00
// Initiate a new connection, using the named DB URL specified.
2004-04-30 05:12:46 +00:00
if ( is_array ( $db_url )) {
2004-07-14 19:15:25 +00:00
$connect_url = array_key_exists ( $name , $db_url ) ? $db_url [ $name ] : $db_url [ 'default' ];
2004-04-30 05:12:46 +00:00
}
else {
$connect_url = $db_url ;
}
2004-07-14 19:15:25 +00:00
$db_type = substr ( $connect_url , 0 , strpos ( $connect_url , '://' ));
2006-03-26 14:11:38 +00:00
$handler = " ./includes/database. $db_type .inc " ;
2004-04-30 05:12:46 +00:00
2004-12-30 13:13:22 +00:00
if ( is_file ( $handler )) {
2005-09-08 19:19:01 +00:00
include_once $handler ;
2004-04-30 05:12:46 +00:00
}
else {
2005-07-27 01:58:43 +00:00
drupal_maintenance_theme ();
drupal_set_title ( 'Unsupported database type' );
2005-09-12 20:13:04 +00:00
print theme ( 'maintenance_page' , '<p>The database type ' . theme ( 'placeholder' , $db_type ) . ' is unsupported . Please use either < var > mysql </ var > for MySQL 3. x & amp ; 4.0 . x databases , < var > mysqli </ var > for MySQL 4.1 . x + databases , or < var > pgsql </ var > for PostgreSQL databases . The database information is in your < code > settings . php </ code > file .</ p >
2005-07-27 01:58:43 +00:00
< p > For more help , see the < a href = " http://drupal.org/node/258 " > Installation and upgrading handbook </ a >. If you are unsure what these terms mean you should probably contact your hosting provider .</ p > ' );
exit ;
2004-04-30 05:12:46 +00:00
}
$db_conns [ $name ] = db_connect ( $connect_url );
}
2006-03-26 14:11:38 +00:00
$previous_db = $active_db ;
2004-07-14 19:15:25 +00:00
// Set the active connection.
2004-04-30 05:12:46 +00:00
$active_db = $db_conns [ $name ];
2006-03-26 14:11:38 +00:00
2006-03-26 18:19:04 +00:00
return array_search ( $previous_db , $db_conns );
2001-03-03 22:59:11 +00:00
}
2005-11-27 11:52:08 +00:00
/**
* Helper function for db_query () .
*/
function _db_query_callback ( $match , $init = FALSE ) {
static $args = NULL ;
if ( $init ) {
$args = $match ;
return ;
}
switch ( $match [ 1 ]) {
case '%d' : // We must use type casting to int to convert false/null/(true?)
return ( int ) array_shift ( $args ); // We don't need db_escape_string as numbers are db-safe
case '%s' :
return db_escape_string ( array_shift ( $args ));
case '%%' :
return '%' ;
case '%f' :
return ( float ) array_shift ( $args );
case '%b' : // binary data
return db_encode_blob ( array_shift ( $args ));
}
}
define ( 'DB_QUERY_REGEXP' , '/(%d|%s|%%|%f|%b)/' );
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
/**
* Runs a basic query in the active database .
*
2005-11-27 11:52:08 +00:00
* User - supplied arguments to the query should be passed in as separate
* parameters so that they can be properly escaped to avoid SQL injection
* attacks .
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
*
* @ param $query
* A string containing an SQL query .
* @ param ...
2005-11-27 11:52:08 +00:00
* A variable number of arguments which are substituted into the query
* using printf () syntax . Instead of a variable number of query arguments ,
* you may also pass a single array containing the query arguments .
* Valid %- modifiers are : % s , % d , % f , % b ( binary data , do not enclose
* in '' ) and %%.
*
* NOTE : using this syntax will cast NULL and FALSE values to decimal 0 ,
* and TRUE values to decimal 1.
*
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
* @ return
2005-11-27 11:52:08 +00:00
* A database query result resource , or FALSE if the query was not
* executed correctly .
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
*/
function db_query ( $query ) {
$args = func_get_args ();
2005-11-27 11:52:08 +00:00
array_shift ( $args );
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
$query = db_prefix_tables ( $query );
2005-11-27 11:52:08 +00:00
if ( isset ( $args [ 0 ]) and is_array ( $args [ 0 ])) { // 'All arguments in one array' syntax
$args = $args [ 0 ];
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
}
2005-11-27 11:52:08 +00:00
_db_query_callback ( $args , TRUE );
$query = preg_replace_callback ( DB_QUERY_REGEXP , '_db_query_callback' , $query );
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
return _db_query ( $query );
}
/**
* Debugging version of db_query () .
*
* Echoes the query to the browser .
*/
function db_queryd ( $query ) {
$args = func_get_args ();
2005-11-27 11:52:08 +00:00
array_shift ( $args );
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
$query = db_prefix_tables ( $query );
2005-11-27 11:52:08 +00:00
if ( isset ( $args [ 0 ]) and is_array ( $args [ 0 ])) { // 'All arguments in one array' syntax
$args = $args [ 0 ];
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
}
2005-11-27 11:52:08 +00:00
_db_query_callback ( $args , TRUE );
$query = preg_replace_callback ( DB_QUERY_REGEXP , '_db_query_callback' , $query );
- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
2004-11-29 13:13:29 +00:00
return _db_query ( $query , 1 );
}
2005-01-29 22:02:37 +00:00
/**
* Helper function for db_rewrite_sql .
*
* Collects JOIN and WHERE statements via hook_sql .
* Decides whether to select primary_key or DISTINCT ( primary_key )
*
* @ param $query
2005-01-30 17:48:52 +00:00
* Query to be rewritten .
2005-01-29 22:02:37 +00:00
* @ param $primary_table
2006-04-07 11:28:20 +00:00
* Name or alias of the table which has the primary key field for this query . Possible values are : comments , forum , node , menu , term_data , vocabulary .
2005-01-31 20:45:10 +00:00
* @ param $primary_field
* Name of the primary field .
2005-01-29 22:02:37 +00:00
* @ param $args
2005-01-30 17:48:52 +00:00
* Array of additional arguments .
2005-01-29 22:02:37 +00:00
* @ return
2005-01-30 17:48:52 +00:00
* An array : join statements , where statements , field or DISTINCT ( field ) .
2005-01-29 22:02:37 +00:00
*/
2005-01-31 20:45:10 +00:00
function _db_rewrite_sql ( $query = '' , $primary_table = 'n' , $primary_field = 'nid' , $args = array ()) {
2005-01-29 22:02:37 +00:00
$where = array ();
$join = array ();
$distinct = FALSE ;
foreach ( module_implements ( 'db_rewrite_sql' ) as $module ) {
2005-01-31 20:45:10 +00:00
$result = module_invoke ( $module , 'db_rewrite_sql' , $query , $primary_table , $primary_field , $args );
2005-12-14 20:10:45 +00:00
if ( isset ( $result ) && is_array ( $result )) {
2005-01-29 22:02:37 +00:00
if ( isset ( $result [ 'where' ])) {
2006-03-08 15:13:20 +00:00
$where [] = $result [ 'where' ];
2005-01-29 22:02:37 +00:00
}
if ( isset ( $result [ 'join' ])) {
2006-03-08 15:13:20 +00:00
$join [] = $result [ 'join' ];
2005-01-29 22:02:37 +00:00
}
if ( isset ( $result [ 'distinct' ]) && $result [ 'distinct' ]) {
$distinct = TRUE ;
}
}
elseif ( isset ( $result )) {
2006-03-08 15:13:20 +00:00
$where [] = $result ;
2005-01-29 22:02:37 +00:00
}
}
2005-02-19 22:24:24 +00:00
$where = empty ( $where ) ? '' : '(' . implode ( ') AND (' , $where ) . ')' ;
$join = empty ( $join ) ? '' : implode ( ' ' , $join );
2005-01-29 22:02:37 +00:00
2005-02-19 22:24:24 +00:00
return array ( $join , $where , $distinct );
2005-01-29 22:02:37 +00:00
}
/**
2006-03-08 15:13:20 +00:00
* Rewrites node , taxonomy and comment queries . Use it for listing queries . Do not
* use FROM table1 , table2 syntax , use JOIN instead .
2005-01-29 22:02:37 +00:00
*
* @ param $query
2005-01-30 17:48:52 +00:00
* Query to be rewritten .
2005-01-29 22:02:37 +00:00
* @ param $primary_table
2006-04-07 11:28:20 +00:00
* Name or alias of the table which has the primary key field for this query . Possible values are : comments , forum , node , menu , term_data , vocabulary .
2005-01-31 20:45:10 +00:00
* @ param $primary_field
* Name of the primary field .
2005-01-29 22:02:37 +00:00
* @ param $args
2005-01-30 17:48:52 +00:00
* An array of arguments , passed to the implementations of hook_db_rewrite_sql .
2005-01-29 22:02:37 +00:00
* @ return
* The original query with JOIN and WHERE statements inserted from hook_db_rewrite_sql implementations . nid is rewritten if needed .
*/
2005-01-31 20:45:10 +00:00
function db_rewrite_sql ( $query , $primary_table = 'n' , $primary_field = 'nid' , $args = array ()) {
list ( $join , $where , $distinct ) = _db_rewrite_sql ( $query , $primary_table , $primary_field , $args );
2005-01-29 22:02:37 +00:00
2005-01-31 20:45:10 +00:00
if ( $distinct ) {
2005-02-05 00:12:24 +00:00
$field_to_select = 'DISTINCT(' . $primary_table . '.' . $primary_field . ')' ;
2005-01-31 20:45:10 +00:00
// (?<!text) is a negative look-behind (no need to rewrite queries that already use DISTINCT).
$query = preg_replace ( '/(SELECT.*)(' . $primary_table . '\.)?(?<!DISTINCT\()(?<!DISTINCT\(' . $primary_table . '\.)' . $primary_field . '(.*FROM)/AUsi' , '\1' . $field_to_select . '\3' , $query );
2005-01-29 22:02:37 +00:00
}
2005-01-31 20:45:10 +00:00
2006-03-08 15:13:20 +00:00
if ( ! empty ( $where ) || ! empty ( $join )) {
if ( ! empty ( $where )) {
$new = " WHERE $where " ;
}
$new = " $join $new " ;
2005-01-31 20:45:10 +00:00
if ( strpos ( $query , 'WHERE' )) {
$replace = 'WHERE' ;
$add = 'AND' ;
}
elseif ( strpos ( $query , 'GROUP' )) {
$replace = 'GROUP' ;
$add = 'GROUP' ;
}
elseif ( strpos ( $query , 'ORDER' )) {
$replace = 'ORDER' ;
$add = 'ORDER' ;
}
elseif ( strpos ( $query , 'LIMIT' )) {
$replace = 'LIMIT' ;
$add = 'LIMIT' ;
}
else {
2006-03-08 15:13:20 +00:00
$query .= $new ;
2005-01-31 20:45:10 +00:00
}
if ( isset ( $replace )) {
2006-03-08 15:13:20 +00:00
$query = str_replace ( $replace , " $new $add " , $query );
2005-01-31 20:45:10 +00:00
}
2005-01-29 22:02:37 +00:00
}
2005-01-31 20:45:10 +00:00
2005-01-29 22:02:37 +00:00
return $query ;
}
2006-04-27 20:38:49 +00:00
/**
* Restrict a dynamic tablename to safe characters .
*
* Only keeps alphanumeric and underscores .
*/
function db_escape_table ( $string ) {
return preg_replace ( '/[^A-Za-z0-9_]+/' , '' , $string );
}
2004-07-14 19:15:25 +00:00
/**
2004-09-09 05:51:08 +00:00
* @ } End of " defgroup database " .
2004-07-14 19:15:25 +00:00
*/
2004-04-30 05:12:46 +00:00
2005-08-25 21:14:17 +00:00
