From 9d631d22f920796287041408dd8cf090370bac72 Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Tue, 11 Nov 2008 21:44:01 +0000 Subject: [PATCH] - Patch #314532 by jsaints, Crell, Arancaytar, CorniI, Rob Loach, et al: convert comment module to new DB layer. Doesn't break any additional tests so if we discover a regression, please submit a test with it. --- modules/comment/comment.admin.inc | 4 +- modules/comment/comment.module | 208 ++++++++++++++++++++++-------- modules/comment/comment.pages.inc | 12 +- 3 files changed, 166 insertions(+), 58 deletions(-) diff --git a/modules/comment/comment.admin.inc b/modules/comment/comment.admin.inc index af7f2090bd1..1db6582e5f4 100644 --- a/modules/comment/comment.admin.inc +++ b/modules/comment/comment.admin.inc @@ -128,7 +128,9 @@ function comment_admin_overview_submit($form, &$form_state) { foreach ($form_state['values']['comments'] as $cid => $value) { if ($value) { // Perform the update action, then refresh node statistics. - db_query($query, $cid); + $query + ->condition('cid', $cid ) + ->execute(); $comment = comment_load($cid); _comment_update_node_statistics($comment->nid); // Allow modules to respond to the updating of a comment. diff --git a/modules/comment/comment.module b/modules/comment/comment.module index d1797fef8a5..055e30f92ce 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module 
@@ -317,19 +317,24 @@ function comment_block($op = 'list', $delta = '', $edit = array()) { function comment_get_recent($number = 10) { // Step 1: Select a $number of nodes which have new comments, // and are visible to the current user. - $result = db_query_range(db_rewrite_sql("SELECT nc.nid FROM {node_comment_statistics} nc WHERE nc.comment_count > 0 ORDER BY nc.last_comment_timestamp DESC", 'nc'), 0, $number); - $nids = array(); - while ($row = db_fetch_object($result)) { - $nids[] = $row->nid; - } + $nids = db_query_range("SELECT nc.nid FROM {node_comment_statistics} nc WHERE nc.comment_count > 0 ORDER BY nc.last_comment_timestamp DESC", 0, $number)->fetchCol(); $comments = array(); if (!empty($nids)) { // Step 2: From among the comments on the nodes selected in the first query, // find the $number of most recent comments. - $result = db_query_range('SELECT c.nid, c.subject, c.cid, c.timestamp FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid WHERE c.nid IN (' . implode(',', $nids) . ') AND n.status = 1 AND c.status = %d ORDER BY c.cid DESC', COMMENT_PUBLISHED, 0, $number); - while ($comment = db_fetch_object($result)) { - $comments[] = $comment; + // Using Query Builder here for the IN-Statement. + $result = db_select('comments', 'c') + ->fields('c', array('nid', 'subject', 'cid', 'timestamp') ) + ->innerJoin('node', 'n', 'n.nid = c.nid') + ->condition('c.nid', $nids, 'IN') + ->condition('c.status', COMMENT_PUBLISHED) + ->condition('n.status', 1) + ->orderBy('c.cid', 'DESC') + ->range(0, $number) + ->execute(); + foreach ($result as $comment) { + $comments[] = $comment; } } 
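Review bot: The first query in comment_get_recent() is no longer wrapped in db_rewrite_sql(), yet the comment above it still says the nodes are "visible to the current user"; without an equivalent node-access rewrite, the recent-comments list can show comment subjects from nodes the viewer may not read. Unless the new layer applies that rewrite somewhere not visible in this hunk, keep the call, e.g. `db_query_range(db_rewrite_sql("SELECT nc.nid ...", 'nc'), 0, $number)->fetchCol()`. The single-comment branch of comment_render() drops `db_rewrite_sql($query, 'c', 'cid')` in the same way. Separately, the second query here chains `->innerJoin(...)->condition(...)`, while comment_render() in this same patch calls `$query->innerJoin()` as a statement of its own; if innerJoin() returns the join alias rather than the query object, this chain fails, so build the query statement by statement as comment_render() does.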
@@ -365,10 +370,18 @@ function comment_new_page_count($num_comments, $new_replies, $node) { else { // Threaded comments. // Find the first thread with a new comment. - $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1)) LIMIT 1', $node->nid, $new_replies); - $thread = substr(db_result($result), 0, -1); - $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < '" . $thread . "'", $node->nid); - $count = db_result($result_count); + $result = db_query_range('(SELECT thread + FROM {comments} + WHERE nid = :nid + AND status = 0 + ORDER BY timestamp DESC) + ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1))', array(':nid' => $node->nid), 0, $new_replies) + ->fetchField(); + $thread = substr($result, 0, -1); + $count = db_query('SELECT COUNT(*) FROM {comments} WHERE nid = :nid AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < :thread', array( + ':nid' => $node->nid, + ':thread' => $thread)) + ->fetchField(); $pageno = $count / $comments_per_page; } @@ -568,7 +581,7 @@ function comment_form_alter(&$form, $form_state, $form_id) { */ function comment_nodeapi_load(&$node, $arg = 0) { if ($node->comment != COMMENT_NODE_DISABLED) { - return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = %d", $node->nid)); + return db_query('SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = :nid', array(':nid' => $node->nid))->fetchAssoc(); } return array('last_comment_timestamp' => $node->created, 'last_comment_name' => '', 'comment_count' => 0); } 
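Review bot: The row limit in comment_new_page_count() has moved from the inner subquery to the outer query, which changes what is selected. The old SQL took the `$new_replies` newest comments and then the lowest thread among them, while `db_query_range(..., 0, $new_replies)` sorts every matching row by thread and fetchField() returns the lowest thread on the whole node. The page number computed from it then points at the first page with any comment rather than the first page with a new one. The inner SELECT needs to keep its own limit of `$new_replies` rows and the outer query a range of `0, 1`; how to express the inner limit portably in the new layer is not shown in this patch.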
@@ -586,15 +599,26 @@ function comment_nodeapi_prepare(&$node, $arg = 0) { * Implementation of hook_nodeapi_insert(). */ function comment_nodeapi_insert(&$node, $arg = 0) { - db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (%d, %d, NULL, %d, 0)', $node->nid, $node->changed, $node->uid); + db_insert('node_comment_statistics') + ->fields(array( + 'nid' => $node->nid, + 'last_comment_timestamp' => $node->changed, + 'last_comment_name' => NULL, + 'last_comment_uid' => $node->uid, + 'comment_count' => 0 )) + ->execute(); } /** * Implementation of hook_nodeapi_delete(). */ function comment_nodeapi_delete(&$node, $arg = 0) { - db_query('DELETE FROM {comments} WHERE nid = %d', $node->nid); - db_query('DELETE FROM {node_comment_statistics} WHERE nid = %d', $node->nid); + db_delete('comments') + ->condition('nid', $node->nid) + ->execute(); + db_delete('node_comment_statistics') + ->condition('nid', $node->nid) + ->execute(); } /** @@ -602,9 +626,9 @@ function comment_nodeapi_delete(&$node, $arg = 0) { */ function comment_nodeapi_update_index(&$node, $arg = 0) { $text = ''; - $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = %d', $node->nid, COMMENT_PUBLISHED); - while ($comment = db_fetch_object($comments)) { - $text .= '

' . check_plain($comment->subject) . '

' . check_markup($comment->comment, $comment->format, '', FALSE); + $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = :nid AND status = :status', array(':nid' => $node->nid, ':status' => COMMENT_PUBLISHED)); + foreach ($comments as $comment) { + $text .= '

' . check_plain($comment->subject) . '

' . check_markup($comment->comment, $comment->format, FALSE); } return $text; } @@ -613,7 +637,7 @@ function comment_nodeapi_update_index(&$node, $arg = 0) { * Implementation of hook_nodeapi_search_result(). */ function comment_nodeapi_search_result(&$node, $arg = 0) { - $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $node->nid)); + $comments = db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = :nid', array('nid' => $node->nid))->fetchField(); return format_plural($comments, '1 comment', '@count comments'); } @@ -633,8 +657,14 @@ function comment_nodeapi_rss_item(&$node, $arg = 0) { * Implementation of hook_user_delete(). */ function comment_user_delete(&$edit, &$user, $category = NULL) { - db_query('UPDATE {comments} SET uid = 0 WHERE uid = %d', $user->uid); - db_query('UPDATE {node_comment_statistics} SET last_comment_uid = 0 WHERE last_comment_uid = %d', $user->uid); + db_update('comments') + ->fields(array('uid' => 0)) + ->condition('uid', $user->uid) + ->execute(); + db_update('node_comment_statistics') + ->fields(array('last_comment_uid' => 0)) + ->condition('last_comment_uid', $user->uid) + ->execute(); } /** 
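Review bot: The rewritten line in comment_nodeapi_update_index() also changes the check_markup() call from `check_markup($comment->comment, $comment->format, '', FALSE)` to `check_markup($comment->comment, $comment->format, FALSE)`, which is unrelated to the database conversion and is not mentioned in the commit message. check_markup()'s signature is not visible here, but dropping the third argument moves `FALSE` into a different parameter and leaves the last one at its default, so the filtering applied to indexed comment text may differ. If this came from rerolling the patch against older code, restore the four-argument call.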
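Review bot: In comment_nodeapi_search_result() the argument array is keyed `'nid'` while the query uses `:nid`; every other converted call in this patch includes the colon in the key. Whether the un-prefixed key binds depends on the driver, so write `array(':nid' => $node->nid)` to match the rest of the file.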
@@ -692,7 +722,20 @@ function comment_save($edit) { ); if ($edit['cid']) { // Update the comment in the database. - db_query("UPDATE {comments} SET status = %d, timestamp = %d, subject = '%s', comment = '%s', format = %d, uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['comment_format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']); + db_update('comments') + ->fields(array( + 'status' => $edit['status'], + 'timestamp' => $edit['timestamp'], + 'subject' => $edit['subject'], + 'comment' => $edit['comment'], + 'format' => $edit['comment_format'], + 'uid' => $edit['uid'], + 'name' => $edit['name'], + 'mail' => $edit['mail'], + 'homepage' => $edit['homepage'] + )) + ->condition('cid', $edit['cid']) + ->execute(); // Allow modules to respond to the updating of a comment. comment_invoke_comment($edit, 'update'); // Add an entry to the watchdog log. @@ -704,7 +747,7 @@ function comment_save($edit) { if ($edit['pid'] == 0) { // This is a comment with no parent comment (depth 0): we start // by retrieving the maximum thread level. - $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = %d', $edit['nid'])); + $max = db_query('SELECT MAX(thread) FROM {comments} WHERE nid = :nid', array(':nid' => $edit['nid']))->fetchField(); // Strip the "/" from the end of the thread. $max = rtrim($max, '/'); // Finally, build the thread field for this new comment. 
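Review bot: The UPDATE in comment_save() used `%d` for status, timestamp, format, uid and cid, which forced those values to integers; `->fields()` and `->condition()` now bind whatever `$edit` holds. The INSERT hunk further down in the same function guards `pid` and `uid` with `empty(...) ? 0 : ...`, which suggests empty values do reach this code, but the other numeric columns get no such treatment in either hunk. Casting at the call, e.g. `'status' => (int) $edit['status']`, keeps the old behaviour; whether the new layer already coerces by column type is not visible here. comment_save()'s body starts and ends outside this hunk.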
@@ -719,7 +762,10 @@ function comment_save($edit) { // Strip the "/" from the end of the parent thread. $parent->thread = (string) rtrim((string) $parent->thread, '/'); // Get the max value in *this* thread. - $max = db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE :thread AND nid = :nid", array(':thread' => $parent->thread .'.%', ':nid' => $edit['nid']))->fetchField(); + $max = db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE :thread AND nid = :nid", array( + ':thread' => $parent->thread .'.%', + ':nid' => $edit['nid'])) + ->fetchField(); if ($max == '') { // First child of this parent. @@ -745,8 +791,23 @@ function comment_save($edit) { $edit['name'] = $user->name; } - db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (%d, %d, %d, '%s', '%s', %d, '%s', %d, %d, '%s', '%s', '%s', '%s')", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['comment_format'], ip_address(), $edit['timestamp'], $edit['status'], $thread, $edit['name'], $edit['mail'], $edit['homepage']); - $edit['cid'] = db_last_insert_id('comments', 'cid'); + $edit['cid'] = db_insert('comments') + ->fields(array( + 'nid' => $edit['nid'], + 'pid' => empty($edit['pid']) ? 0 : $edit['pid'], + 'uid' => empty($edit['uid']) ? 0 : $edit['uid'], + 'subject' => $edit['subject'], + 'comment' => $edit['comment'], + 'format' => $edit['comment_format'], + 'hostname' => ip_address(), + 'timestamp' => $edit['timestamp'], + 'status' => $edit['status'], + 'thread' => $thread, + 'name' => $edit['name'], + 'mail' => $edit['mail'], + 'homepage' => $edit['homepage'] + )) + ->execute(); // Tell the other modules a new comment has been submitted. comment_invoke_comment($edit, 'insert'); // Add an entry to the watchdog log. 
@@ -923,17 +984,20 @@ function comment_render($node, $cid = 0) { if ($cid && is_numeric($cid)) { // Single comment view. - $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d'; - $query_args = array($cid); + $query = db_select('comments', 'c'); + $query->fields('c', array('cid', 'nid', 'pid', 'comment', 'subject', 'format', 'timestamp', 'name', 'mail', 'homepage', 'status') ); + $query->fields('u', array( 'uid', 'signature', 'picture', 'data', 'status') ); + $query->addField('u', 'name', 'registered_name'); + $query->innerJoin('users', 'u', 'c.uid = u.uid'); + $query->condition('c.cid', $cid); + if (!user_access('administer comments')) { - $query .= ' AND c.status = %d'; - $query_args[] = COMMENT_PUBLISHED; + $query->condition('c.status', COMMENT_PUBLISHED); } - $query = db_rewrite_sql($query, 'c', 'cid'); - $result = db_query($query, $query_args); + $result = $query->execute(); - if ($comment = db_fetch_object($result)) { + if ($comment = $result->fetchObject()) { $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $links = module_invoke_all('link', 'comment', $comment, 1); drupal_alter('link', $links, $node); @@ -942,6 +1006,9 @@ function comment_render($node, $cid = 0) { } } else { + + //TODO Convert to dynamic queries once the pager query is updated to the new DBTNG API. + // Multiple comment view. $query_count = 'SELECT COUNT(*) FROM {comments} c WHERE c.nid = %d'; $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d'; 
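Review bot: The single-comment query in comment_render() now selects `status` from both tables, through `fields('c', array(..., 'status'))` and `fields('u', array('uid', 'signature', 'picture', 'data', 'status'))`, whereas the old SQL selected only `c.status`. Depending on how the builder aliases duplicate column names, `$comment->status` may end up holding the user's status instead of the comment's publication state. Drop `'status'` from the `u` field list so the result matches the old column set. The rest of comment_render() lies outside this hunk, so how `$comment->status` is used afterwards cannot be checked here.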
@@ -971,7 +1038,7 @@ function comment_render($node, $cid = 0) { $num_rows = FALSE; $comments = ''; drupal_add_css(drupal_get_path('module', 'comment') . '/comment.css'); - while ($comment = db_fetch_object($result)) { + foreach ($result as $comment) { $comment = drupal_unpack($comment); $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $comment->depth = count(explode('.', $comment->thread)) - 1; @@ -1033,20 +1100,20 @@ function comment_render($node, $cid = 0) { function comment_operations($action = NULL) { if ($action == 'publish') { $operations = array( - 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = ' . COMMENT_PUBLISHED . ' WHERE cid = %d'), + 'publish' => array(t('Publish the selected comments'), db_update('comments')->fields(array( 'status' => COMMENT_PUBLISHED)) ), 'delete' => array(t('Delete the selected comments'), '') ); } elseif ($action == 'unpublish') { $operations = array( - 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = ' . COMMENT_NOT_PUBLISHED . ' WHERE cid = %d'), + 'unpublish' => array(t('Unpublish the selected comments'), db_update('comments')->fields(array( 'status' => COMMENT_NOT_PUBLISHED)) ), 'delete' => array(t('Delete the selected comments'), '') ); } else { $operations = array( - 'publish' => array(t('Publish the selected comments'), 'UPDATE {comments} SET status = ' . COMMENT_PUBLISHED . ' WHERE cid = %d'), - 'unpublish' => array(t('Unpublish the selected comments'), 'UPDATE {comments} SET status = ' . COMMENT_NOT_PUBLISHED . ' WHERE cid = %d'), + 'publish' => array(t('Publish the selected comments'), db_update('comments')->fields(array( 'status' => COMMENT_PUBLISHED)) ), + 'unpublish' => array(t('Unpublish the selected comments'), db_update('comments')->fields(array( 'status' => COMMENT_NOT_PUBLISHED)) ), 'delete' => array(t('Delete the selected comments'), '') ); } 
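Review bot: comment_operations() now stores one update-query object per operation instead of an SQL string, and the loop in comment_admin_overview_submit() (first hunk of this patch), which presumably takes `$query` from this array, calls `$query->condition('cid', $cid)->execute()` on that same object once per selected comment. If conditions accumulate on the builder, as the fluent interface suggests, the second iteration runs with both cid conditions and matches nothing, so a bulk publish or unpublish changes only the first selected comment. Build a fresh query per comment, e.g. `db_update('comments')->fields(array('status' => COMMENT_PUBLISHED))->condition('cid', $cid)->execute();`, or clone the stored object before adding the condition. The `'delete'` entries still hold `''`, so index 1 is not a query object for every operation and callers need to allow for that.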
@@ -1067,7 +1134,7 @@ function comment_operations($action = NULL) { * The comment object. */ function comment_load($cid) { - return db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = %d', $cid)); + return db_query('SELECT * FROM {comments} WHERE cid = :cid', array(':cid' => $cid))->fetchObject(); } /** @@ -1082,7 +1149,10 @@ function comment_num_replies($pid) { static $cache; if (!isset($cache[$pid])) { - $cache[$pid] = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND status = %d', $pid, COMMENT_PUBLISHED)); + $cache[$pid] = db_query('SELECT COUNT(cid) FROM {comments} WHERE pid = :pid AND status = :status', array( + ':pid' => $pid, + ':status' => COMMENT_PUBLISHED)) + ->fetchField(); } return $cache[$pid]; @@ -1109,9 +1179,11 @@ function comment_num_new($nid, $timestamp = 0) { $timestamp = ($timestamp > NODE_NEW_LIMIT ? $timestamp : NODE_NEW_LIMIT); // Use the timestamp to retrieve the number of new comments. - $result = db_result(db_query('SELECT COUNT(c.cid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND timestamp > %d AND c.status = %d', $nid, $timestamp, COMMENT_PUBLISHED)); - - return $result; + return db_query('SELECT COUNT(c.cid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = :nid AND timestamp > :timestamp AND c.status = :status', array( + ':nid' => $nid, + ':timestamp' => $timestamp, + ':status' => COMMENT_PUBLISHED )) + ->fetchField(); } else { return FALSE; 
@@ -1147,7 +1219,12 @@ function comment_validate($edit) { $node = node_load($edit['nid']); if (variable_get('comment_anonymous_' . $node->type, COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) { if ($edit['name']) { - $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name'])); + $query = db_select('users', 'u'); + $query->addField('u', 'uid', 'uid'); + $taken = $query->where('LOWER(name) = :name', array(':name' => $edit['name'])) + ->countQuery() + ->execute() + ->fetchField(); if ($taken != 0) { form_set_error('name', t('The name you used belongs to a registered user.')); } @@ -1485,7 +1562,10 @@ function comment_form_add_preview($form, &$form_state) { $output = ''; // Isn't this line a duplication of the first $output above? if ($edit['pid']) { - $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED)); + $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array( + ':cid' => $edit['pid'], + ':status' => COMMENT_PUBLISHED )) + ->fetchObject(); $comment = drupal_unpack($comment); $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $output .= theme('comment_view', $comment, $node); 
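Review bot: The name check in comment_validate() compares `LOWER(name)` with `$edit['name']` exactly as typed, so on a database with case-sensitive comparison it does not catch a name that differs from a registered user's only in capitalisation; the conversion carries this over from the old query. Lower-case the bound value as well: `array(':name' => drupal_strtolower($edit['name']))`. comment_validate()'s body starts and ends outside this hunk.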
@@ -1825,17 +1905,31 @@ function _comment_get_display_setting($setting, $node) { * - comment_count: the total number of approved/published comments on this node. */ function _comment_update_node_statistics($nid) { - $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = %d AND status = %d', $nid, COMMENT_PUBLISHED)); + $count = db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = :nid AND status = :status', array(':nid' => $nid, ':status' => COMMENT_PUBLISHED))->fetchField(); if ($count > 0) { // Comments exist. - $last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = %d AND status = %d ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1)); - db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = '%s', last_comment_uid = %d WHERE nid = %d", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid); + $last_reply = db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = :nid AND status = :status ORDER BY cid DESC', array(':nid' => $nid, ':status' => COMMENT_PUBLISHED), 0, 1)->fetchObject(); + db_update('node_comment_statistics') + ->fields( array( + 'comment_count' => $count, + 'last_comment_timestamp' => $last_reply->timestamp, + 'last_comment_name' => $last_reply->uid ? '' : $last_reply->name, + 'last_comment_uid' => $last_reply->uid )) + ->condition('nid', $nid) + ->execute(); } else { // Comments do not exist. 
- $node = db_fetch_object(db_query("SELECT uid, created FROM {node} WHERE nid = %d", $nid)); - db_query("UPDATE {node_comment_statistics} SET comment_count = 0, last_comment_timestamp = %d, last_comment_name = '', last_comment_uid = %d WHERE nid = %d", $node->created, $node->uid, $nid); + $node = db_query('SELECT uid, created FROM {node} WHERE nid = :nid', array(':nid' => $nid))->fetchObject(); + db_update('node_comment_statistics') + ->fields( array( + 'comment_count' => 0, + 'last_comment_timestamp' => $node->created, + 'last_comment_name' => '', + 'last_comment_uid' => $node->uid )) + ->condition('nid', $nid) + ->execute(); } } @@ -1955,9 +2049,12 @@ function comment_unpublish_action($comment, $context = array()) { } else { $cid = $context['cid']; - $subject = db_result(db_query("SELECT subject FROM {comments} WHERE cid = %d", $cid)); + $subject = db_query('SELECT subject FROM {comments} WHERE cid = :cid', array(':cid', $cid))->fetchField(); } - db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $cid); + db_update('comments') + ->fields(array('status' => COMMENT_NOT_PUBLISHED,)) + ->condition('cid', $cid) + ->execute(); watchdog('action', 'Unpublished comment %subject.', array('%subject' => $subject)); } @@ -1999,7 +2096,10 @@ function comment_unpublish_by_keyword_action_submit($form, $form_state) { function comment_unpublish_by_keyword_action($comment, $context) { foreach ($context['keywords'] as $keyword) { if (strstr($comment->comment, $keyword) || strstr($comment->subject, $keyword)) { - db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $comment->cid); + db_update('comments') + ->fields(array('status' => COMMENT_NOT_PUBLISHED,)) + ->condition('cid', $comment->cid) + ->execute(); watchdog('action', 'Unpublished comment %subject.', array('%subject' => $comment->subject)); break; } 
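Review bot: In comment_unpublish_action() the argument array is written `array(':cid', $cid)` with a comma, which builds a two-element list instead of binding `:cid`. The subject lookup will then fail or return nothing, and the watchdog entry that follows loses the comment subject. It should read `array(':cid' => $cid)`.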
diff --git a/modules/comment/comment.pages.inc b/modules/comment/comment.pages.inc index fe97f041b97..d1a3026fd68 100644 --- a/modules/comment/comment.pages.inc +++ b/modules/comment/comment.pages.inc @@ -15,7 +15,7 @@ */ function comment_edit($cid) { global $user; - $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid)); + $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid', array(':cid'=>$cid) )->fetchObject(); $comment = drupal_unpack($comment); $comment->name = $comment->uid ? $comment->registered_name : $comment->name; @@ -69,7 +69,10 @@ function comment_reply($node, $pid = NULL) { // $pid indicates that this is a reply to a comment. if ($pid) { // Load the comment whose cid = $pid - if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) { + $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array( + ':cid'=>$pid, + ':status'=>COMMENT_PUBLISHED))->fetchObject(); + if ( $comment ) { // If that comment exists, make sure that the current comment and the // parent comment both belong to the same parent node. if ($comment->nid != $node->nid) { @@ -123,7 +126,10 @@ function comment_approve($cid) { // Load the comment whose cid = $cid if ($comment = comment_load($cid)) { $operations = comment_operations('publish'); - db_query($operations['publish'][1], $cid); + $query = $operations['publish'][1]; + $query + ->condition('cid', $cid ) + ->execute(); drupal_set_message(t('Comment approved.')); drupal_goto("node/$comment->nid");