[drupal-devel] [task] Extend db_query()

killes drupal-devel at drupal.org
Thu Mar 3 00:15:14 UTC 2005

Issue status update for http://drupal.org/node/17656

 Project:      Drupal
 Version:      cvs
 Component:    database system
 Category:     tasks
 Priority:     normal
 Assigned to:  killes at www.drop.org
 Reported by:  killes at www.drop.org
 Updated by:   killes at www.drop.org
 Status:       patch
 Attachment:   http://drupal.org/files/issues/db-query_1.patch (2.69 KB)

After some discussion with Adrian at Drupal Con we found out that we do
not know why node_save currently works with pgsql. It currently assumes
that all db columns are strings. It seems to work but we should not rely
on it.
Here is a patch that checks for the type of field that is inserted.
It needs testing.

killes at www.drop.org

Previous comments:

February 21, 2005 - 13:48 : killes at www.drop.org

Attachment: http://drupal.org/files/issues/db-query.patch (2.16 KB)

We should make our database abstraction layer more robust and ensure
that module authors can use it without string manipulations inside the
query. Several queries use implode() to get their arguments into the
query. This is undesirable as we rely on the module author to check the
keys and values of such arrays for exploitation attempts.
I have created the attached patch which shouldbe able to allow us to
not use implode anymore.
A minor problem is that all inserted values will be treated as strings.
This might be a problem with PostgreSQL at least. However, the same
strategy is already used in Drupal core without any complaints I know
Summary: This patch will alow us to simplify some code in node.module,
user.module, taxonomy.module and probably others.


February 21, 2005 - 18:03 : killes at www.drop.org

It's a patch.


February 21, 2005 - 18:19 : killes at www.drop.org

Attachment: http://drupal.org/files/issues/db-query_0.patch (2.07 KB)

Squeezed out two lines of code after consultation with Karoly. Adds only
10 loc (plus some docs).


February 21, 2005 - 18:23 : chx

Do I need to say +1?

More information about the drupal-devel mailing list