diff --git a/includes/admin.inc b/includes/admin.inc index 80862181188..303a053fe1a 100644 --- a/includes/admin.inc +++ b/includes/admin.inc @@ -4694,7 +4694,9 @@ function views_ui_get_roles() { static $roles = NULL; if (!isset($roles)) { $roles = array(); - $result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name"); + // Uses db_query() rather than db_select() because the query is static and + // does not include any variables. + $result = $result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name"); foreach ($result as $obj) { $roles[$obj->rid] = $obj->name; } diff --git a/lib/Views/aggregator/Plugin/views/argument/CategoryCid.php b/lib/Views/aggregator/Plugin/views/argument/CategoryCid.php index 52636453327..2be3fdd438e 100644 --- a/lib/Views/aggregator/Plugin/views/argument/CategoryCid.php +++ b/lib/Views/aggregator/Plugin/views/argument/CategoryCid.php @@ -28,7 +28,10 @@ class CategoryCid extends Numeric { function title_query() { $titles = array(); - $result = db_query("SELECT c.title FROM {aggregator_category} c WHERE c.cid IN (:cid)", array(':cid' => $this->value)); + $query = db_select('aggregator_category', 'c'); + $query->addField('c', 'title'); + $query->condition('c.cid', $this->value); + $result = $query->execute(); foreach ($result as $term) { $titles[] = check_plain($term->title); } diff --git a/lib/Views/aggregator/Plugin/views/argument/Fid.php b/lib/Views/aggregator/Plugin/views/argument/Fid.php index a68bccf8ed2..2561098e6df 100644 --- a/lib/Views/aggregator/Plugin/views/argument/Fid.php +++ b/lib/Views/aggregator/Plugin/views/argument/Fid.php 
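Review bot: The added line in views_ui_get_roles() assigns the result twice, `$result = $result = db_query(...)`, which looks like a paste slip. It should read `$result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");`. The duplicate has no runtime effect but is misleading to read. The function body continues outside the hunk.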
@@ -29,6 +29,10 @@ class Fid extends Numeric { $titles = array(); $result = db_query("SELECT f.title FROM {aggregator_feed} f WHERE f.fid IN (:fids)", array(':fids' => $this->value)); + $query = db_select('aggregator_feed', 'f'); + $query->addField('f', 'title'); + $query->condition('f.fid', $this->value); + $result = $query->execute(); foreach ($result as $term) { $titles[] = check_plain($term->title); } diff --git a/lib/Views/aggregator/Plugin/views/filter/CategoryCid.php b/lib/Views/aggregator/Plugin/views/filter/CategoryCid.php index 22a9a4190b8..c676ba48587 100644 --- a/lib/Views/aggregator/Plugin/views/filter/CategoryCid.php +++ b/lib/Views/aggregator/Plugin/views/filter/CategoryCid.php @@ -28,7 +28,8 @@ class CategoryCid extends InOperator { } $this->value_options = array(); - + // Uses db_query() rather than db_select() because the query is static and + // does not include any variables. $result = db_query('SELECT * FROM {aggregator_category} ORDER BY title'); foreach ($result as $category) { $this->value_options[$category->cid] = $category->title; diff --git a/lib/Views/aggregator/Plugin/views/row/Rss.php b/lib/Views/aggregator/Plugin/views/row/Rss.php index 9ffaaba17da..e1b519cfdf4 100644 --- a/lib/Views/aggregator/Plugin/views/row/Rss.php +++ b/lib/Views/aggregator/Plugin/views/row/Rss.php 
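Review bot: In Fid::title_query() the old `db_query()` call is still present as a context line directly above the new `db_select()` block, so the feed title query would run twice and the first result is overwritten. The hunk header confirms this, with four lines added and none removed. Remove the `$result = db_query("SELECT f.title FROM {aggregator_feed} f WHERE f.fid IN (:fids)", ...)` line so only the builder query remains, as the argument/CategoryCid.php hunk does. The function starts and ends outside the hunk.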
@@ -52,12 +52,13 @@ class Rss extends RowPluginBase { function render($row) { $iid = $row->{$this->field_alias}; - $sql = "SELECT ai.iid, ai.fid, ai.title, ai.link, ai.author, ai.description, "; - $sql .= "ai.timestamp, ai.guid, af.title AS feed_title, ai.link AS feed_LINK "; - $sql .= "FROM {aggregator_item} ai LEFT JOIN {aggregator_feed} af ON ai.fid = af.fid "; - $sql .= "WHERE ai.iid = :iid"; - - $item = db_query($sql, array(':iid' => $iid))->fetchObject(); + $query = db_select('aggregator_item', 'ai'); + $query->leftJoin('aggregator_feed', 'af', 'ai.fid = af.fid'); + $query->fields('ai'); + $query->addExpression('af.title', 'feed_title'); + $query->addExpression('ai.link', 'feed_LINK'); + $query->condition('iid', $iid); + $result = $query->execute(); $item->elements = array( array( diff --git a/lib/Views/comment/Plugin/views/argument/UserUid.php b/lib/Views/comment/Plugin/views/argument/UserUid.php index abb44b596a1..1ffa4ba91cc 100644 --- a/lib/Views/comment/Plugin/views/argument/UserUid.php +++ b/lib/Views/comment/Plugin/views/argument/UserUid.php @@ -28,7 +28,10 @@ class UserUid extends ArgumentPluginBase { $title = config('user.settings')->get('anonymous'); } else { - $title = db_query('SELECT u.name FROM {users} u WHERE u.uid = :uid', array(':uid' => $this->argument))->fetchField(); + $query = db_select('users', 'u'); + $query->addField('u', 'name'); + $query->condition('u.uid', $this->argument); + $title = $query->execute()->fetchField(); } if (empty($title)) { return t('No user'); diff --git a/lib/Views/comment/Plugin/views/field/NodeNewComments.php b/lib/Views/comment/Plugin/views/field/NodeNewComments.php index 3cb5fc7c5c8..6c5aab64bed 100644 --- a/lib/Views/comment/Plugin/views/field/NodeNewComments.php +++ b/lib/Views/comment/Plugin/views/field/NodeNewComments.php 
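Review bot: Rss::render() no longer defines `$item`: the removed `$item = db_query(...)->fetchObject();` is replaced by `$result = $query->execute();`, yet the next context line still writes `$item->elements`. The last added line should be `$item = $query->execute()->fetchObject();`. Separately, `$query->fields('ai')` now selects every column of aggregator_item where the old SQL listed eight, and `condition('iid', $iid)` is unqualified. Using `fields('ai', array(...))` with the original column list and `condition('ai.iid', $iid)` would keep the query equivalent. The rest of render() is outside the hunk.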
@@ -73,15 +73,16 @@ class NodeNewComments extends Numeric { } if ($nids) { - $result = db_query("SELECT n.nid, COUNT(c.cid) as num_comments FROM {node} n INNER JOIN {comment} c ON n.nid = c.nid - LEFT JOIN {history} h ON h.nid = n.nid AND h.uid = :h_uid WHERE n.nid IN (:nids) - AND c.changed > GREATEST(COALESCE(h.timestamp, :timestamp), :timestamp) AND c.status = :status GROUP BY n.nid ", array( - ':status' => COMMENT_PUBLISHED, - ':h_uid' => $user->uid, - ':nids' => $nids, - ':timestamp' => NODE_NEW_LIMIT, - )); - + $query = db_select('node', 'n'); + $query->addField('n', 'nid'); + $query->innerJoin('comment', 'c', 'n.nid = c.nid'); + $query->addExpression('COUNT(c.cid)', 'num_comments'); + $query->leftJoin('history', 'h', 'h.nid = n.nid'); + $query->condition('n.nid', $nids); + $query->where('c.changed > GREATEST(COALESCE(h.timestamp, :timestamp), :timestamp)', array(':timestamp' => NODE_NEW_LIMIT)); + $query->condition('c.status', COMMENT_PUBLISHED); + $query->groupBy('n.nid'); + $result = $query->execute(); foreach ($result as $node) { foreach ($ids[$node->nid] as $id) { $values[$id]->{$this->field_alias} = $node->num_comments; diff --git a/lib/Views/locale/Plugin/views/filter/Version.php b/lib/Views/locale/Plugin/views/filter/Version.php index 9d7367852dd..a450317ea59 100644 --- a/lib/Views/locale/Plugin/views/filter/Version.php +++ b/lib/Views/locale/Plugin/views/filter/Version.php @@ -27,6 +27,8 @@ class Version extends InOperator { $this->value_title = t('Version'); // Enable filtering by the current installed Drupal version. $versions = array('***CURRENT_VERSION***' => t('Current installed version')); + // Uses db_query() rather than db_select() because the query is static and + // does not include any variables. $result = db_query('SELECT DISTINCT(version) FROM {locales_source} ORDER BY version'); foreach ($result as $row) { if (!empty($row->version)) { 
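Review bot: The rewritten join in NodeNewComments drops the `h.uid = :h_uid` restriction that the removed SQL had, so `history` rows of every user are joined instead of only the current user's. That makes the new-comment count depend on other users' read timestamps and can multiply `COUNT(c.cid)` by the number of history rows per node. Restore it with `$query->leftJoin('history', 'h', 'h.nid = n.nid AND h.uid = :h_uid', array(':h_uid' => $user->uid));`. `$user` was referenced by the removed lines, so it is presumably still in scope, but its definition is outside the hunk.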
diff --git a/lib/Views/node/Plugin/views/argument/Vid.php b/lib/Views/node/Plugin/views/argument/Vid.php index 45350e41224..48376152a0b 100644 --- a/lib/Views/node/Plugin/views/argument/Vid.php +++ b/lib/Views/node/Plugin/views/argument/Vid.php @@ -28,8 +28,11 @@ class Vid extends Numeric { function title_query() { $titles = array(); - $results = db_query("SELECT nr.vid, nr.nid, nr.title FROM {node_revision} nr WHERE nr.vid IN (:vids)", array(':vids' => $this->value))->fetchAllAssoc('vid', PDO::FETCH_ASSOC); - + $results = db_select('node_revision', 'nr') + ->fields('nr', array('vid', 'nid', 'title')) + ->condition('nr.vid', $this->value) + ->execute() + ->fetchAllAssoc('vid', PDO::FETCH_ASSOC); $nids = array(); foreach ($results as $result) { $nids[] = $result['nid']; diff --git a/lib/Views/system/Plugin/views/filter/Type.php b/lib/Views/system/Plugin/views/filter/Type.php index f1ef7de77d0..0cdb44f8cdc 100644 --- a/lib/Views/system/Plugin/views/filter/Type.php +++ b/lib/Views/system/Plugin/views/filter/Type.php @@ -25,6 +25,8 @@ class Type extends InOperator { $this->value_title = t('Type'); // Enable filtering by type. $types = array(); + // Uses db_query() rather than db_select() because the query is static and + // does not include any variables. $types = db_query('SELECT DISTINCT(type) FROM {system} ORDER BY type')->fetchAllKeyed(0, 0); $this->value_options = $types; } diff --git a/lib/Views/taxonomy/Plugin/views/argument/VocabularyMachineName.php b/lib/Views/taxonomy/Plugin/views/argument/VocabularyMachineName.php index a17577349e5..71e7227a06b 100644 --- a/lib/Views/taxonomy/Plugin/views/argument/VocabularyMachineName.php +++ b/lib/Views/taxonomy/Plugin/views/argument/VocabularyMachineName.php 
@@ -26,7 +26,10 @@ class VocabularyMachineName extends String { * Override the behavior of title(). Get the name of the vocabulary.. */ function title() { - $title = db_query("SELECT v.name FROM {taxonomy_vocabulary} v WHERE v.machine_name = :machine_name", array(':machine_name' => $this->argument))->fetchField(); + $query = db_select('taxonomy_vocabulary', 'v'); + $query->addField('v', 'name'); + $query->condition('v.machine_name', $this->argument); + $title = $query->execute()->fetchField(); if (empty($title)) { return t('No vocabulary'); diff --git a/lib/Views/taxonomy/Plugin/views/argument/VocabularyVid.php b/lib/Views/taxonomy/Plugin/views/argument/VocabularyVid.php index 96ed2ff9db5..7613f06257a 100644 --- a/lib/Views/taxonomy/Plugin/views/argument/VocabularyVid.php +++ b/lib/Views/taxonomy/Plugin/views/argument/VocabularyVid.php @@ -26,8 +26,10 @@ class VocabularyVid extends Numeric { * Override the behavior of title(). Get the name of the vocabulary. */ function title() { - $title = db_query("SELECT v.name FROM {taxonomy_vocabulary} v WHERE v.vid = :vid", array(':vid' => $this->argument))->fetchField(); - + $query = db_select('taxonomy_vocabulary', 'v'); + $query->addField('v', 'name'); + $query->condition('v.vid', $this->argument); + $title = $query->execute()->fetchField(); if (empty($title)) { return t('No vocabulary'); } diff --git a/lib/Views/translation/Plugin/views/argument/NodeTnid.php b/lib/Views/translation/Plugin/views/argument/NodeTnid.php index 2239a73c4bf..53d60fc85c4 100644 --- a/lib/Views/translation/Plugin/views/argument/NodeTnid.php +++ b/lib/Views/translation/Plugin/views/argument/NodeTnid.php 
@@ -28,7 +28,10 @@ class NodeTnid extends Numeric { function title_query() { $titles = array(); - $result = db_query("SELECT n.title FROM {node} n WHERE n.tnid IN (:tnids)", array(':tnids' => $this->value)); + $query = db_select('node', 'n'); + $query->addField('n', 'title'); + $query->condition('n.tnid', $this->value); + $result = $query->execute(); foreach ($result as $term) { $titles[] = check_plain($term->title); } diff --git a/lib/Views/user/Plugin/views/argument/RolesRid.php b/lib/Views/user/Plugin/views/argument/RolesRid.php index 040e4e082f5..80c7c67408c 100644 --- a/lib/Views/user/Plugin/views/argument/RolesRid.php +++ b/lib/Views/user/Plugin/views/argument/RolesRid.php @@ -25,7 +25,10 @@ class RolesRid extends ManyToOne { function title_query() { $titles = array(); - $result = db_query("SELECT name FROM {role} WHERE rid IN (:rids)", array(':rids' => $this->value)); + $query = db_select('role', 'r'); + $query->addField('r', 'name'); + $query->condition('r.rid', $this->value); + $result = $query->execute(); foreach ($result as $term) { $titles[] = check_plain($term->name); } diff --git a/lib/Views/user/Plugin/views/argument_validator/User.php b/lib/Views/user/Plugin/views/argument_validator/User.php index 5f0df2b94b3..9ada23b8596 100644 --- a/lib/Views/user/Plugin/views/argument_validator/User.php +++ b/lib/Views/user/Plugin/views/argument_validator/User.php @@ -85,7 +85,7 @@ class User extends ArgumentValidatorPluginBase { // real global $user object. $account = clone $GLOBALS['user']; } - $where = 'uid = :argument'; + $condition = 'uid'; } } else { 
@@ -94,18 +94,21 @@ class User extends ArgumentValidatorPluginBase { if ($argument == $name) { $account = clone $GLOBALS['user']; } - $where = "name = :argument"; + $condition = 'name'; } } // If we don't have a WHERE clause, the argument is invalid. - if (empty($where)) { + if (empty($condition)) { return FALSE; } if (!isset($account)) { - $query = "SELECT uid, name FROM {users} WHERE $where"; - $account = db_query($query, array(':argument' => $argument))->fetchObject(); + $account = db_select('users', 'u') + ->fields('u', array('uid', 'name')) + ->condition($condition, $argument) + ->execute() + ->fetchObject(); } if (empty($account)) { // User not found. @@ -117,7 +120,10 @@ class User extends ArgumentValidatorPluginBase { $roles = $this->options['roles']; $account->roles = array(); $account->roles[] = $account->uid ? DRUPAL_AUTHENTICATED_RID : DRUPAL_ANONYMOUS_RID; - $result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid)); + $query = db_select('users_roles', 'u'); + $query->addField('u', 'rid'); + $query->condition('u.uid', $account->uid); + $result = $query->execute(); foreach ($result as $role) { $account->roles[] = $role->rid; } diff --git a/lib/Views/user/Plugin/views/field/Permissions.php b/lib/Views/user/Plugin/views/field/Permissions.php index 1e36c892b32..c1112afe67a 100644 --- a/lib/Views/user/Plugin/views/field/Permissions.php +++ b/lib/Views/user/Plugin/views/field/Permissions.php 
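Review bot: The comment `// If we don't have a WHERE clause, the argument is invalid.` is stale now that the variable holds a column name, and `->condition($condition, $argument)` passes that variable as the field name. In the visible lines `$condition` is only ever set to the literals `'uid'` or `'name'` (the `'uid'` assignment is in the preceding hunk), which keeps the field name out of user control. Saying so in the comment helps the next reviewer: `// $condition is only ever the literal 'uid' or 'name'; if neither branch set it, the argument is invalid.` The validator method starts and ends outside the hunk.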
@@ -52,8 +52,14 @@ class Permissions extends PrerenderList { $permissions = module_invoke_all('permission'); - $result = db_query("SELECT u.uid, u.rid, rp.permission FROM {role_permission} rp INNER JOIN {users_roles} u ON u.rid = rp.rid WHERE u.uid IN (:uids) AND rp.module IN (:modules) ORDER BY rp.permission", - array(':uids' => $uids, ':modules' => array_keys($modules))); + $query = db_select('role_permission', 'rp'); + $query->join('users_roles', 'u', 'u.rid = rp.rid'); + $query->fields('u', array('uid', 'rid')); + $query->addField('rp', 'permission'); + $query->condition('u.uid', $uids); + $query->condition('rp.module', array_keys($modules)); + $query->orderBy('rp.permission'); + $result = $query->execute(); foreach ($result as $perm) { $this->items[$perm->uid][$perm->permission]['permission'] = $permissions[$perm->permission]['title']; diff --git a/lib/Views/user/Plugin/views/field/Roles.php b/lib/Views/user/Plugin/views/field/Roles.php index 2ab6bb6c64a..e50c3f4f44e 100644 --- a/lib/Views/user/Plugin/views/field/Roles.php +++ b/lib/Views/user/Plugin/views/field/Roles.php @@ -41,8 +41,13 @@ class Roles extends PrerenderList { } if ($uids) { - $result = db_query("SELECT u.uid, u.rid, r.name FROM {role} r INNER JOIN {users_roles} u ON u.rid = r.rid WHERE u.uid IN (:uids) ORDER BY r.name", - array(':uids' => $uids)); + $query = db_select('role', 'r'); + $query->join('users_roles', 'u', 'u.rid = r.rid'); + $query->addField('r', 'name'); + $query->fields('u', array('uid', 'rid')); + $query->condition('u.uid', $uids); + $query->orderBy('r.name'); + $result = $query->execute(); foreach ($result as $role) { $this->items[$role->uid][$role->rid]['role'] = check_plain($role->name); $this->items[$role->uid][$role->rid]['rid'] = $role->rid; diff --git a/lib/Views/user/Plugin/views/filter/Name.php b/lib/Views/user/Plugin/views/filter/Name.php index 243bff0be37..b85f390e083 100644 --- a/lib/Views/user/Plugin/views/filter/Name.php 
+++ b/lib/Views/user/Plugin/views/filter/Name.php @@ -27,7 +27,7 @@ class Name extends InOperator { function value_form(&$form, &$form_state) { $values = array(); if ($this->value) { - $result = db_query("SELECT * FROM {users} u WHERE uid IN (:uids)", array(':uids' => $this->value)); + $result = entity_load_multiple_by_properties('user', array('uid' => $this->value)); foreach ($result as $account) { if ($account->uid) { $values[] = $account->name; @@ -131,7 +131,7 @@ class Name extends InOperator { return $uids; } - $result = db_query("SELECT * FROM {users} WHERE name IN (:names)", array(':names' => $args)); + $result = entity_load_multiple_by_properties('user', array('name' => $args)); foreach ($result as $account) { unset($missing[strtolower($account->name)]); $uids[] = $account->uid; @@ -156,8 +156,7 @@ class Name extends InOperator { $this->value_options = array(); if ($this->value) { - $result = db_query("SELECT * FROM {users} u WHERE uid IN (:uids)", array(':uids' => $this->value)); - + $result = entity_load_multiple_by_properties('user', array('uid' => $this->value)); foreach ($result as $account) { if ($account->uid) { $this->value_options[$account->uid] = $account->name;