db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the number of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
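Review bot: In the + line, $query is still interpolated into the SQL string ("WHERE $query u.status < 3"), so the placeholder handling only covers what travels in $params. A comment above the call should state that $query may contain only fixed text and %-placeholders, with every value appended to $params and any literal % written as %%.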
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
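Review bot: In the + line, $args is passed straight through as the second argument, and nothing in the visible lines guarantees it is an array at this point. Suggest normalizing it before the call (for example, treating an unset or scalar $args as an explicit array) so the array-passing form is always the one taken, and keeping the (int) casts on the range values as they are.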
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and braces will be stripped out. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.
This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
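The two call styles, and what goes wrong when data is placed directly in the query, described in the two commit messages above, shown as an added PHP sketch. It is not Drupal's code: the example_* functions, the site1_ prefix and the addslashes() stand-in for the escaping step are assumptions made for illustration, and the input is constructed.

```php
<?php
// Added illustration. The example_* functions are hypothetical, not Drupal's.

// Accept placeholder values as separate arguments or as one array.
function example_collect_args(array $call_args) {
  array_shift($call_args);                  // drop the query template
  if (isset($call_args[0]) && is_array($call_args[0])) {
    return $call_args[0];                   // db_query($query, array($a, $b)) style
  }
  return $call_args;                        // db_query($query, $a, $b) style
}

// Stand-in for the escaping step (assumption: a real driver uses its own routine).
function example_escape($value) {
  return addslashes((string) $value);
}

function example_build_query($query) {
  $call_args = func_get_args();
  $args = array_map('example_escape', example_collect_args($call_args));
  // Prefix tables on the template only, before any data is inserted.
  $query = preg_replace('/\{(\w+)\}/', 'site1_$1', $query);
  return vsprintf($query, $args);
}

$name = "o'brien {x}";  // constructed input with a quote and braces
$tpl  = "SELECT * FROM {users} WHERE name = '%s' AND status < %d";

// Data interpolated into the query: the quote stays unescaped and the
// prefix step rewrites the braces that came from the data.
echo example_build_query("SELECT * FROM {users} WHERE name = '$name'"), "\n";

// Placeholders: data is escaped and never seen by the prefix step.
$varargs  = example_build_query($tpl, $name, 3);
$as_array = example_build_query($tpl, array($name, 3));
echo $varargs, "\n";
var_dump($varargs === $as_array);
```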
  + removes the lots of pagers and indirect pager theming
  + add the theme_pager() function, which should be called as theme("pager", ...) to get a pager.
* fixes all doxygen warnings [#]_ in the current code base
  + changes @param style from phpDocumentor (@param type $var desc) to doxygen (@param $var desc)
  + documents all undocumented parameters
  + escapes / fixes html warnings
  + fixes @defgroup in theme.inc
* adds more groupings [#]_
  + drupal_{set|get}_title, drupal_{set|get}_breadcrumb
  + pager.inc: pager_api (pager_query(), pager_display()), pager pieces
* adds a new group "themeable" which contains all themeable functions.
==> This fix requires running update.php!
- Bugfix: made sessions work without warnings when register_globals is turned off. The solution is to use $_SESSION instead of session_register(). This fixes critical bug #1797. Patch by Marco.
- Bugfix: sometimes error messages were being discarded when previewing a node. Patch by Craig Courtney.
- Bugfix: fixed charset problems. This fixes critical bug #1549. Patch '0023.charset.patch' by Al.
- Code improvements: removed some dead code from the comment module. Patch by Marco.
- Documentation improvements: polished the node module help texts and form descriptions. Patch '0019.node.module.help.patch' by Al.
- CSS improvements all over the map! Patch '0021.more.css.patch' by Al.
- GUI improvements: improved the position of Druplicon in the admin menu. Patch '0020.admin.logo.patch' by Al.
- GUI improvements: new logos for theme Marvin and theme UnConeD. Logos by Kristjan Jansen.
- GUI improvements: small changes to the output emitted by the profile module. Suggestions by Steven Wittens.
- GUI improvements: small fixes to Xtemplate. Patch '0022.xtemplate.css.patch' by Al.
TODO:
- Some modules such as the buddy list module and the annotation module in the contributions repository are also using session_register(). They should be updated. We should set up a task on Drupal.
- There is code emitting '<div align="right">' which doesn't validate.
- Do our XML feeds validate with the charset changes?
- The forum module's SQL doesn't work properly on PostgreSQL.
to avoid XSS attacks! Patch by Al, Moshe, Marco, Kjartan and me.
- Bugfix: the admin module does now import drupal.css prior to admin.css. Patch by me.
- Bugfix: the admin module was still emitting a <base href=""> tag. I removed this as it is taken care of by theme_head(). Patch by me.
- Bugfix: made the tracker module's pager only consider published pages. Patch by Moshe.
- Bugfix: cured some typos in the comment module's help function. Patch by Marco.
- Bugfix: fixed a typo in pager_display() that caused optional attributes to be discarded.
- Bugfix: made the Xtemplate emit empty boxes like any other theme does. Patch by Al.
- Bugfix: fixed broken link on the statistics module's log page. Reported by Kjartan.
- CSS improvements: made the HTML output emitted by the tracker module look nicer. Patch by Moshe and Al.
- CSS improvements: added CSS classes for form elements. Patch by Al.
- CSS improvements: added a vertical gap between the last form item and the submit button. Patch by Al. Note that Opera 6 is not picking up this CSS but apparently other browsers such as Konqueror do.
- Xtemplate improvements: changed the color of the selected day in the archive module's calendar. Patch by Al.
- Usability improvements: made the "birthday" field of the profile module look nicer. Patch by Al.
------
- TODO: it might be a good idea to emit the following meta tag in the theme_head() function:
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  Currently, some themes (and modules!) emit this while others don't. This would also make it possible to change the charset site-wide.
- TODO: now that we added support for td.dark and td.light to drupal.css, maybe it can be removed from admin.css as well as xtemplate.css?
- Fixed a typo in the MSSQL database scheme. Patch by Michael Frankowski.
- Removed dependency on "register_globals = on"! Patches by Michael Frankowski.
  Notes:
  + Updated the patches to use $foo["bar"] instead of $foo['bar'].
  + Updated the INSTALL and CHANGELOG files as well.
- Tiny improvement to the "./scripts/code-clean.sh" script.