[drupal-devel] [task] Extend db_query()
killes
drupal-devel at drupal.org
Wed Jul 27 11:42:27 UTC 2005
Issue status update for
http://drupal.org/node/17656
Post a follow up:
http://drupal.org/project/comments/add/17656
Project: Drupal
Version: cvs
Component: database system
Category: tasks
Priority: normal
Assigned to: killes at www.drop.org
Reported by: killes at www.drop.org
Updated by: killes at www.drop.org
Status: patch
Attachment: http://drupal.org/files/issues/node-%a.patch (926 bytes)
The patch still applies. The new patch here updates node_save to use it.
Untested.
killes at www.drop.org
Previous comments:
------------------------------------------------------------------------
Mon, 21 Feb 2005 12:48:30 +0000 : killes at www.drop.org
Attachment: http://drupal.org/files/issues/db-query.patch (2.16 KB)
We should make our database abstraction layer more robust and ensure
that module authors can use it without string manipulations inside the
query. Several queries use implode() to get their arguments into the
query. This is undesirable as we rely on the module author to check the
keys and values of such arrays for exploitation attempts.
I have created the attached patch which should be able to allow us to
not use implode anymore.
A minor problem is that all inserted values will be treated as strings.
This might be a problem with PostgreSQL at least. However, the same
strategy is already used in Drupal core without any complaints I know
of.
Summary: This patch will allow us to simplify some code in node.module,
user.module, taxonomy.module and probably others.
------------------------------------------------------------------------
Mon, 21 Feb 2005 17:03:58 +0000 : killes at www.drop.org
It's a patch.
------------------------------------------------------------------------
Mon, 21 Feb 2005 17:19:13 +0000 : killes at www.drop.org
Attachment: http://drupal.org/files/issues/db-query_0.patch (2.07 KB)
Squeezed out two lines of code after consultation with Karoly. Adds only
10 loc (plus some docs).
------------------------------------------------------------------------
Mon, 21 Feb 2005 17:23:08 +0000 : chx
Do I need to say +1?
------------------------------------------------------------------------
Thu, 03 Mar 2005 00:15:10 +0000 : killes at www.drop.org
Attachment: http://drupal.org/files/issues/db-query_1.patch (2.69 KB)
After some discussion with Adrian at Drupal Con we found out that we do
not know why node_save currently works with pgsql. It currently assumes
that all db columns are strings. It seems to work but we should not rely
on it.
Here is a patch that checks for the type of field that is inserted.
It needs testing.
------------------------------------------------------------------------
Tue, 26 Jul 2005 01:17:04 +0000 : drumm
+1 for making this into an API. I've seen too many hacked together query
builders in Drupal and Contrib. I have not tested.
------------------------------------------------------------------------
Wed, 27 Jul 2005 11:30:29 +0000 : Bèr Kessels
Untested. A big +1 for the feature.
------------------------------------------------------------------------
Wed, 27 Jul 2005 11:41:52 +0000 : killes at www.drop.org
The patch still applies. The new patch here updates node_save to use it.
Untested.
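
The risk raised in the 21 Feb 2005 comment (arrays pushed into the query text with implode()), shown as an added example that is not part of this thread or of any attached patch. The table, data and function names are hypothetical, and PDO with in-memory SQLite stands in for Drupal's database layer.

```php
<?php
// Added illustration, not Drupal code. Table, rows and helper names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT, status INTEGER)');
$db->exec("INSERT INTO node VALUES (1, 'public page', 1), (2, 'draft', 0), (3, 'private note', 0)");

// Constructed input: node ids as they might arrive from a request.
// The second element was never validated by the calling module.
$nids = array('1', '0) OR (1=1');

// Pattern the thread wants to retire: the array becomes part of the SQL text,
// so the status filter only holds if every caller checked every element.
function titles_by_implode(PDO $db, array $nids) {
  $sql = 'SELECT title FROM node WHERE status = 1 AND nid IN (' . implode(',', $nids) . ')';
  return array($sql, $db->query($sql)->fetchAll(PDO::FETCH_COLUMN));
}

// Expansion done by the database layer: one placeholder per element, values
// bound separately. Elements can only ever be compared as data.
function titles_by_placeholders(PDO $db, array $nids) {
  if (count($nids) === 0) {
    return array('', array());  // "IN ()" is invalid SQL; an empty list matches nothing
  }
  $marks = implode(',', array_fill(0, count($nids), '?'));
  $sql = "SELECT title FROM node WHERE status = 1 AND nid IN ($marks)";
  $stmt = $db->prepare($sql);
  // execute() binds every value as a string, the same trade-off the thread
  // notes for PostgreSQL; a type-aware layer would cast per column instead.
  $stmt->execute(array_values($nids));
  return array($sql, $stmt->fetchAll(PDO::FETCH_COLUMN));
}

foreach (array('titles_by_implode', 'titles_by_placeholders') as $fn) {
  list($sql, $titles) = $fn($db, $nids);
  echo "$fn\n  SQL:    $sql\n  titles: " . implode(', ', $titles) . "\n";
}
```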