Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.84
diff -u -p -r1.84 database.inc
--- includes/database.inc 12 Oct 2007 14:19:44 -0000 1.84
+++ includes/database.inc 3 Nov 2007 18:16:09 -0000
@@ -164,30 +164,6 @@ function db_set_active($name = 'default'
 }
 /**
- * Helper function for db_query().
- */
-function _db_query_callback($match, $init = FALSE) {
- static $args = NULL;
- if ($init) {
- $args = $match;
- return;
- }
-
- switch ($match[1]) {
- case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
- return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
- case '%s':
- return db_escape_string(array_shift($args));
- case '%%':
- return '%';
- case '%f':
- return (float) array_shift($args);
- case '%b': // binary data
- return db_encode_blob(array_shift($args));
- }
-}
-
-/**
 * Generate placeholders for an array of query arguments of a single type.
 *
 * Given a Schema API field type, return correct %-placeholders to
@@ -204,11 +180,6 @@ function db_placeholders($arguments, $ty
 }
 /**
- * Indicates the place holders that should be replaced in _db_query_callback().
- */
-define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');
-
-/**
 * Helper function for db_rewrite_sql.
 *
 * Collects JOIN and WHERE statements via hook_db_rewrite_sql()
Index: includes/database.mysql-common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysql-common.inc,v
retrieving revision 1.13
diff -u -p -r1.13 database.mysql-common.inc
--- includes/database.mysql-common.inc 2 Oct 2007 16:15:56 -0000 1.13
+++ includes/database.mysql-common.inc 3 Nov 2007 18:16:09 -0000
@@ -37,8 +37,7 @@ function db_query($query) {
 if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
 $args = $args[0];
 }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = db_query_load_values($query, $args);
 return _db_query($query);
 }
@@ -530,3 +529,10 @@ function db_change_field(&$ret, $table,
 function db_last_insert_id($table, $field) {
 return db_result(db_query('SELECT LAST_INSERT_ID()'));
 }
+
+function db_query_load_values($query, $args) {
+ $args = array_map('db_escape_string', $args);
+ array_unshift($args, str_replace('%b', "'%s'", $query));
+ return call_user_func_array('sprintf', $args);
+}
+
Index: includes/database.mysql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysql.inc,v
retrieving revision 1.83
diff -u -p -r1.83 database.mysql.inc
--- includes/database.mysql.inc 20 Oct 2007 21:57:49 -0000 1.83
+++ includes/database.mysql.inc 3 Nov 2007 18:16:09 -0000
@@ -275,8 +275,7 @@ function db_query_range($query) {
 if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
 $args = $args[0];
 }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = db_query_load_values($query, $args);
 $query .= ' LIMIT '. (int)$from .', '. (int)$count;
 return _db_query($query);
 }
Index: includes/database.mysqli.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysqli.inc,v
retrieving revision 1.48
diff -u -p -r1.48 database.mysqli.inc
--- includes/database.mysqli.inc 20 Oct 2007 21:57:49 -0000 1.48
+++ includes/database.mysqli.inc 3 Nov 2007 18:16:09 -0000
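Review bot: In db_query_load_values() (database.mysql-common.inc, the -530 hunk) the query text itself becomes the sprintf() format string, so every `%` sequence sprintf() understands is now treated as a placeholder, not only the five that the removed DB_QUERY_REGEXP matched. `str_replace('%b', "'%s'", $query)` also rewrites the `%b` inside a literal `%%b`, which turns an escaped percent into a conversion and shifts every later argument by one. Values still pass through db_escape_string() and `%d` still formats as an integer, so this reads as a correctness and portability problem rather than an injection hole, but a format/argument mismatch makes sprintf() fail and db_query() hands that result straight to _db_query(). I would handle `%%` and `%b` in one pass, double any `%` that is not a documented placeholder, and add a docblock such as `Substitutes escaped arguments for the %d, %s, %f, %b and %% placeholders in a query.`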
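Review bot: Only db_query_range() is switched to db_query_load_values() in database.mysql.inc (and likewise in database.mysqli.inc), while the pgsql section of this patch converts db_query_temporary() as well. The patch deletes _db_query_callback() and DB_QUERY_REGEXP from database.inc and re-adds them only for pgsql, so any remaining caller in the MySQL drivers would hit an undefined function and constant; presumably their own db_query_temporary() is one, but it is not visible in this diff. Searching the tree for `_db_query_callback` and `DB_QUERY_REGEXP` before this lands would settle it.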
@@ -274,8 +274,7 @@ function db_query_range($query) {
 if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
 $args = $args[0];
 }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = db_query_load_values($query, $args);
 $query .= ' LIMIT '. (int)$from .', '. (int)$count;
 return _db_query($query);
 }
Index: includes/database.pgsql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.pgsql.inc,v
retrieving revision 1.63
diff -u -p -r1.63 database.pgsql.inc
--- includes/database.pgsql.inc 17 Oct 2007 12:47:28 -0000 1.63
+++ includes/database.pgsql.inc 3 Nov 2007 18:16:09 -0000
@@ -12,6 +12,11 @@
 */
 /**
+ * Indicates the place holders that should be replaced in _db_query_callback().
+ */
+define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b|%u)/');
+
+/**
 * Report database status.
 */
 function db_status_report() {
@@ -295,8 +300,7 @@ function db_query_range($query) {
 if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
 $args = $args[0];
 }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = db_query_load_values($query, $args);
 $query .= ' LIMIT '. (int)$count .' OFFSET '. (int)$from;
 return _db_query($query);
 }
@@ -342,8 +346,7 @@ function db_query_temporary($query) {
 if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
 $args = $args[0];
 }
- _db_query_callback($args, TRUE);
- $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = db_query_load_values($query, $args);
 return _db_query($query);
 }
@@ -442,6 +445,35 @@ function db_distinct_field($table, $fiel
 return $query;
 }
+function _db_query_callback($match, $init = FALSE) {
+ static $args = NULL;
+ if ($init) {
+ $args = $match;
+ return;
+ }
+
+ switch ($match[1]) {
+ case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
+ return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
+ case '%s':
+ return db_escape_string(array_shift($args));
+ case '%%':
+ return '%';
+ case '%f':
+ return (float) array_shift($args);
+ case '%b': // binary data
+ return db_encode_blob(array_shift($args));
+ case '%u':
+ return sprintf('%u', array_shift($args));
+ }
+}
+
+function db_query_load_values($query, $args) {
+ // We load the arguments into the callback here.
+ _db_query_callback($args, TRUE);
+ return preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+}
+
 /**
 * @} End of "ingroup database".
 */
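Review bot: The two functions added at the end of database.pgsql.inc carry no docblocks, although the copy of _db_query_callback() removed from database.inc had one; I would restore `Helper function for db_query().` and document db_query_load_values() with `Replaces the placeholders matched by DB_QUERY_REGEXP with their escaped arguments.` This pgsql version substitutes exactly the six placeholders in the regexp, whereas the MySQL version in the same patch accepts anything sprintf() does, so one query string can expand differently per driver. The new `%u` case returns a negative argument as a large unsigned number whose size depends on the platform's integer width, which deserves a one-line comment next to `return sprintf('%u', array_shift($args));`.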