diff --git modules/user/user.admin.inc modules/user/user.admin.inc
index 9fbaab1..edb7f65 100644
--- modules/user/user.admin.inc
+++ modules/user/user.admin.inc
@@ -144,7 +144,11 @@ function user_admin_account() {
t('Operations')
);
- $sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where'];
+ $query = db_select('users', 'u');
+ $query->fields('u', array('uid', 'name', 'status', 'created', 'access'));
+ $sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u
+ LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . '
+ WHERE u.uid != 0 ' . $filter['where'];
$sql .= tablesort_sql($header);
$query_count = 'SELECT COUNT(DISTINCT u.uid) FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where'];
$result = pager_query($sql, 50, 0, $query_count, $filter['args']);
@@ -174,13 +178,13 @@ function user_admin_account() {
$status = array(t('blocked'), t('active'));
$roles = user_roles(TRUE);
$accounts = array();
- while ($account = db_fetch_object($result)) {
+ foreach ($result as $account) {
$accounts[$account->uid] = '';
$form['name'][$account->uid] = array('#markup' => theme('username', $account));
$form['status'][$account->uid] = array('#markup' => $status[$account->status]);
$users_roles = array();
- $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = %d', $account->uid);
- while ($user_role = db_fetch_object($roles_result)) {
+ $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid));
+ foreach ($roles_result as $user_role) {
$users_roles[] = $roles[$user_role->rid];
}
asort($users_roles);
@@ -601,9 +605,14 @@ function user_admin_perm_submit($form, &$form_state) {
foreach ($form_state['values']['role_names'] as $rid => $name) {
$checked = array_filter($form_state['values'][$rid]);
// Delete existing permissions for the role. This handles "unchecking" checkboxes.
- db_query("DELETE FROM {role_permission} WHERE rid = %d", $rid);
+ db_delete('role_permission')->condition('rid', $rid)->execute();
foreach ($checked as $permission) {
- db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", $rid, $permission);
+ db_insert('role_permission')
+ ->fields(array(
+ 'rid' => $rid,
+ 'permission' => $permission,
+ ))
+ ->execute();
}
}
@@ -670,7 +679,7 @@ function user_admin_role() {
drupal_goto('admin/user/roles');
}
// Display the edit role form.
- $role = db_fetch_object(db_query('SELECT * FROM {role} WHERE rid = %d', $rid));
+ $role = db_query('SELECT * FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchObject();
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Role name'),
@@ -712,12 +721,16 @@ function user_admin_role() {
function user_admin_role_validate($form, &$form_state) {
if ($form_state['values']['name']) {
if ($form_state['values']['op'] == t('Save role')) {
- if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s' AND rid != %d", $form_state['values']['name'], $form_state['values']['rid']))) {
+ $existing_role = db_query("SELECT COUNT(*) FROM {role} WHERE name = :name AND rid != :rid",
+ array(':name' => $form_state['values']['name'],
+ ':rid' => $form_state['values']['rid']))
+ ->fetchField();
+ if ($existing_role) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
elseif ($form_state['values']['op'] == t('Add role')) {
- if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s'", $form_state['values']['name']))) {
+ if (db_query("SELECT COUNT(*) FROM {role} WHERE name = :name", array(':name' => $form_state['values']['name']))->fetchField()) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
@@ -729,19 +742,24 @@ function user_admin_role_validate($form, &$form_state) {
function user_admin_role_submit($form, &$form_state) {
if ($form_state['values']['op'] == t('Save role')) {
- db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $form_state['values']['name'], $form_state['values']['rid']);
+ db_update('role')
+ ->fields(array(
+ 'name' => $form_state['values']['name'],
+ ))
+ ->condition('rid', $form_state['values']['rid'])
+ ->execute();
drupal_set_message(t('The role has been renamed.'));
}
elseif ($form_state['values']['op'] == t('Delete role')) {
- db_query('DELETE FROM {role} WHERE rid = %d', $form_state['values']['rid']);
- db_query('DELETE FROM {role_permission} WHERE rid = %d', $form_state['values']['rid']);
+ db_delete('role')->condition('rid', $form_state['values']['rid'])->execute();
+ db_delete('role_permission')->condition('rid', $form_state['values']['rid'])->execute();
// Update the users who have this role set:
- db_query('DELETE FROM {users_roles} WHERE rid = %d', $form_state['values']['rid']);
+ db_delete('users_roles')->condition('rid', $form_state['values']['rid'])->execute();
drupal_set_message(t('The role has been deleted.'));
}
elseif ($form_state['values']['op'] == t('Add role')) {
- db_query("INSERT INTO {role} (name) VALUES ('%s')", $form_state['values']['name']);
+ db_insert('role')->fields(array('name' => $form_state['values']['name']))->execute();
drupal_set_message(t('The role has been added.'));
}
$form_state['redirect'] = 'admin/user/roles';
diff --git modules/user/user.install modules/user/user.install
index db765f1..e78cb20 100644
--- modules/user/user.install
+++ modules/user/user.install
@@ -247,7 +247,7 @@ function user_update_7000(&$sandbox) {
if (!isset($sandbox['user_from'])) {
db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));
$sandbox['user_from'] = 0;
- $sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));
+ $sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField();
}
else {
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
@@ -255,14 +255,14 @@ function user_update_7000(&$sandbox) {
$has_rows = FALSE;
// Update this many per page load.
$count = 1000;
- $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count);
- while ($account = db_fetch_array($result)) {
+ $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", array(), $sandbox['user_from'], $count);
+ foreach ($result as $account) {
$has_rows = TRUE;
- $new_hash = user_hash_password($account['pass'], $hash_count_log2);
+ $new_hash = user_hash_password($account->pass, $hash_count_log2);
if ($new_hash) {
// Indicate an updated password.
$new_hash = 'U' . $new_hash;
- db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']);
+ db_update('users')->fields(array('pass' => $new_hash))->condition('uid', $account->uid)->execute();
}
}
$ret['#finished'] = $sandbox['user_from']/$sandbox['user_count'];
@@ -300,7 +300,7 @@ function user_update_7002(&$sandbox) {
if (!isset($sandbox['user_from'])) {
db_change_field($ret, 'users', 'timezone', 'timezone', array('type' => 'varchar', 'length' => 32, 'not null' => FALSE));
$sandbox['user_from'] = 0;
- $sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));
+ $sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField();
$sandbox['user_not_migrated'] = 0;
}
else {
diff --git modules/user/user.module modules/user/user.module
index 5efd68e..6962f7b 100644
--- modules/user/user.module
+++ modules/user/user.module
@@ -400,7 +400,7 @@ function user_save($account, $edit = array(), $category = 'account') {
if (is_object($account) && $account->uid) {
user_module_invoke('update', $edit, $account, $category);
- $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
+ $data = unserialize(db_query('SELECT data FROM {users} WHERE uid = :uid', array(':uid' => $account->uid))->fetchField());
// Consider users edited by an administrator as logged in, if they haven't
// already, so anonymous users can view the profile (if allowed).
if (empty($edit['access']) && empty($account->access) && user_access('administer users')) {
@@ -461,11 +461,16 @@ function user_save($account, $edit = array(), $category = 'account') {
// Reload user roles if provided.
if (isset($edit['roles']) && is_array($edit['roles'])) {
- db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
+ db_delete('users_roles')->condition('uid', $account->uid)->execute();
foreach (array_keys($edit['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
- db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
+ db_insert('users_roles')
+ ->fields(array(
+ 'uid' => $account->uid,
+ 'rid' => $rid,
+ ))
+ ->execute();
}
}
}
@@ -544,10 +549,15 @@ function user_save($account, $edit = array(), $category = 'account') {
// Save user roles (delete just to be safe).
if (isset($edit['roles']) && is_array($edit['roles'])) {
- db_query('DELETE FROM {users_roles} WHERE uid = %d', $edit['uid']);
+ db_delete('users_roles')->condition('uid', $edit['uid'])->execute();
foreach (array_keys($edit['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
- db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $edit['uid'], $rid);
+ db_insert('users_roles')
+ ->fields(array(
+ 'uid' => $edit['uid'],
+ 'rid' => $rid,
+ ))
+ ->execute();
}
}
}
@@ -759,7 +769,7 @@ function user_access($string, $account = NULL, $reset = FALSE) {
* @return boolean TRUE for blocked users, FALSE for active.
*/
function user_is_blocked($name) {
- $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
+ $deny = db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER(:name)", array(':name' => $name))->fetchObject();
return $deny;
}
@@ -845,18 +855,22 @@ function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
$find = array();
// Replace wildcards with MySQL/PostgreSQL wildcards.
$keys = preg_replace('!\*+!', '%', $keys);
+ $query = db_select('users');
+ $query->fields('users', array('name', 'uid', 'mail'));
if (user_access('administer users')) {
// Administrators can also search in the otherwise private email field.
- $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
- while ($account = db_fetch_object($result)) {
- $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
- }
+ $query->condition(db_or()->
+ where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"))->
+ where('LOWER(mail) LIKE LOWER(:mail)', array(':mail' => "%$keys%")));
}
else {
- $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
- while ($account = db_fetch_object($result)) {
- $find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
- }
+ $query->where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"));
+ }
+ $query = $query->extend('PagerDefault')
+ ->limit(2);
+ $result = $query->execute();
+ foreach ($result as $account) {
+ $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
return $find;
}
@@ -922,7 +936,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) {
if ($error = user_validate_name($edit['name'])) {
form_set_error('name', $error);
}
- elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
+ elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(name) = LOWER(:name)", array(':uid' => $uid, ':name' => $edit['name']))->fetchField() > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
}
}
@@ -931,7 +945,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) {
if ($error = user_validate_mail($edit['mail'])) {
form_set_error('mail', $error);
}
- elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
+ elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(mail) = LOWER(:mail)", array(':uid' => $uid, ':mail' => $edit['mail']))->fetchField() > 0) {
// Format error message dependent on whether the user is logged in or not.
if ($GLOBALS['user']->uid) {
form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => $edit['mail'])));
@@ -1503,10 +1517,10 @@ function user_page_title($account) {
* An associative array with module as key and username as value.
*/
function user_get_authmaps($authname = NULL) {
- $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
+ $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = :authname", array(':authname' => $authname));
$authmaps = array();
$has_rows = FALSE;
- while ($authmap = db_fetch_object($result)) {
+ foreach ($result as $authmap) {
$authmaps[$authmap->module] = $authmap->authname;
$has_rows = TRUE;
}
@@ -1647,7 +1661,7 @@ function user_authenticate($form_values = array()) {
$password = trim($form_values['pass']);
// Name and pass keys are required.
if (!empty($form_values['name']) && !empty($password)) {
- $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name']));
+ $account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_values['name']))->fetchObject();
if ($account) {
// Allow alternate password hashing schemes.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
@@ -1655,7 +1669,10 @@ function user_authenticate($form_values = array()) {
if (user_needs_new_hash($account)) {
$new_hash = user_hash_password($password);
if ($new_hash) {
- db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account->uid);
+ db_update('users')
+ ->fields(array('pass' => $new_hash))
+ ->condition('uid', $account->uid)
+ ->execute();
}
}
$users = user_load_multiple(array($account->uid), array('status' => '1'));
@@ -1682,7 +1699,10 @@ function user_authenticate_finalize(&$edit) {
// Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links.
$user->login = REQUEST_TIME;
- db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
+ db_update('users')
+ ->fields(array('login' => $user->login))
+ ->condition('uid', $user->uid)
+ ->execute();
// Regenerate the session ID to prevent against session fixation attacks.
// This is called before hook_user in case one of those functions fails
// or incorrectly does a redirect which would leave the old session in place.
@@ -2114,13 +2134,13 @@ function user_roles($membersonly = FALSE, $permission = NULL) {
);
if (!empty($permission)) {
- $result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = '%s' ORDER BY r.name", $permission);
+ $result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = :permission ORDER BY r.name", array(':permission' => $permission));
}
else {
$result = db_query('SELECT * FROM {role} ORDER BY name');
}
- while ($role = db_fetch_object($result)) {
+ foreach ($result as $role) {
switch ($role->rid) {
// We only translate the built in role names
case DRUPAL_ANONYMOUS_RID:
@@ -2241,7 +2261,7 @@ function user_user_operations_block($accounts) {
function user_multiple_role_edit($accounts, $operation, $rid) {
// The role name is not necessary as user_save() will reload the user
// object, but some modules' hook_user() may look at this first.
- $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
+ $role_name = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchField();
switch ($operation) {
case 'add_role':
@@ -2273,7 +2293,7 @@ function user_multiple_cancel_confirm(&$form_state) {
$form['accounts'] = array('#prefix' => '', '#tree' => TRUE);
// array_filter() returns only elements with TRUE values.
foreach (array_filter($edit['accounts']) as $uid => $value) {
- $user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
+ $user = db_query('SELECT name FROM {users} WHERE uid = :uid', array(':uid' => $uid))->fetchField();
$form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '', '#suffix' => check_plain($user) . "\n");
}
@@ -2699,7 +2719,7 @@ function user_block_user_action(&$object, $context = array()) {
global $user;
$uid = $user->uid;
}
- db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
+ db_update('users')->fields(array('status' => 0))->condition('uid', $uid)->execute();
drupal_session_destroy_uid($uid);
watchdog('action', 'Blocked user %name.', array('%name' => $user->name));
}
diff --git modules/user/user.pages.inc modules/user/user.pages.inc
index 10b2646..b20ac1f 100644
--- modules/user/user.pages.inc
+++ modules/user/user.pages.inc
@@ -13,7 +13,7 @@ function user_autocomplete($string = '') {
$matches = array();
if ($string) {
$result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10);
- while ($user = db_fetch_object($result)) {
+ foreach ($result as $user) {
$matches[$user->name] = check_plain($user->name);
}
}