Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.56
diff -u -r1.56 database.inc
--- includes/database.inc 27 Apr 2006 20:38:49 -0000 1.56
+++ includes/database.inc 27 Jun 2006 05:02:35 -0000
@@ -324,8 +324,132 @@
 return preg_replace('/[^A-Za-z0-9_]+/', '', $string);
 }
+
 /**
- * @} End of "defgroup database".
+ * Run an insert query on the active database.
+ *
+ * @param $table
+ * The database table on which to run the insert query.
+ * @param $fields
+ * An associative array of the values to insert. The keys are the
+ * fields, and the corresponding values are the values to insert.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ *
+ */
+function db_insert($table, $fields) {
+
+ $insert_fields = array_keys($fields);
+ $insert_values = array_values($fields);
+
+ $params = array();
+ foreach ($insert_values as $value) {
+ $params[] = is_numeric($value) ? '%d' : "'%s'";
+ }
+
+ $sql = 'INSERT INTO {' . $table . '} (' . implode(',', $insert_fields) . ') VALUES (' . implode(',', $params) . ')';
+
+ return db_query($sql, $insert_values);
+}
+
+/**
+ * Run an update query on the active database.
+ *
+ * @param $table
+ * The database table on which to run the update query.
+ * @param $fields
+ * An associative array of the values to update. The keys are the
+ * fields, and the corresponding values are the values to update to.
+ * @param $where
+ * The where rules for this update query.
+ * @param $where_type
+ * Whether to AND or OR the where rules together.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ *
+ */
+function db_update($table, $fields, $where, $where_type='AND') {
+
+ $update_values = array_values($fields);
+
+ $flat_fields = array();
+ foreach ($fields as $field => $value) {
+ $flat_fields[] = $field . '=' . (is_numeric($value) ? '%d' : "'%s'");
+ }
+
+ list($where_string, $where_values) = db_where_clause($where, $where_type);
+
+ $sql = 'UPDATE ' . $table . ' SET ' . implode(',', $flat_fields) . $where_string;
+
+ return db_query($sql, array_merge($update_values, $where_values));
+}
+
+/**
+ * Run a delete query on the active database.
+ *
+ * @param $table
+ * The database table on which to run the delete query.
+ * @param $where
+ * The where rules for this delete query.
+ * @param $where_type
+ * Whether to AND or OR the where rules together.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ *
+ */
+function db_delete($table, $where, $where_type='AND') {
+
+ list($where_string, $where_values) = db_where_clause($where, $where_type);
+
+ $sql = 'DELETE FROM ' . $table . implode(',', $flat_fields) . $where_string;
+
+ return db_query($sql, array_merge($update_values, $where_values));
+}
+
+/**
+ * Build the WHERE portion of an SQL query, based on the specified values.
+ *
+ * @param $where
+ * Associative array of rules in the WHERE clause. If a key in the array
+ * is numeric, the value is taken as a literal rule. If it is non-numeric,
+ * then it is assumed to be a field name and the corresponding value is the
+ * value that it must hold.
+ * @param $where_type
+ * Whether the values of the WHERE clause should be ANDed or ORed together.
+ *
+ * As an example, this $where clause would be translated as follows:
+ * $where = array('name'=>'foo', 'type'=>'page', 'created < 1147567877')
+ *
+ * WHERE (name='foo') AND ('type'='page') AND (created < 1147567877')
+ * @return
+ * An array containing the where clause with sprintf() markers, and
+ * an array of values to substitute for them.
 */
+function db_where_clause($where, $where_type='AND') {
+ $params = array();
+ $args = array();
+ foreach ($where as $key => $value) {
+ if (is_numeric($key)) {
+ $params[] = ' (' . $value . ') ';
+ }
+ else {
+ $params[] = ' (' . $key . '=' . (is_numeric($value) ? '%d' : "'%s'") . ') ';
+ $args[] = $value;
+ }
+ }
+
+ $return = '';
+ if (sizeof($params)) {
+ $return = ' WHERE ' . implode($where_type, $params);
+ }
+
+ return array($return, $args);
+}
+/**
+ * @} End of "defgroup database".
+ */
Index: modules/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact.module,v
retrieving revision 1.54
diff -u -r1.54 contact.module
--- modules/contact.module 29 May 2006 13:26:41 -0000 1.54
+++ modules/contact.module 27 Jun 2006 05:02:36 -0000
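Review bot: db_delete() in includes/database.inc cannot work as written: it splices `implode(',', $flat_fields)` into the SQL and passes `$update_values` to db_query(), but neither variable is defined in that function (both look copied from db_update()), and like db_update() it drops the `{`…`}` around the table that db_insert() keeps, so table prefixing appears to be skipped. In all four helpers only the values are bound; `$table`, the `$fields`/`$where` keys, numeric-keyed `$where` rules and `$where_type` are concatenated straight into the statement, so the docblocks should say that keys and literal rules must never come from request data, `$table` could go through the name filter whose `preg_replace('/[^A-Za-z0-9_]+/', '', $string)` tail opens this hunk, and `$where_type` should be limited to AND/OR. Picking `%d` with is_numeric() also changes meaning: a text column holding `'007'` or `'1e3'` is bound as an integer, and in a WHERE clause a text column compared with a number can match rows the caller did not intend on MySQL, which matters most for UPDATE and DELETE. An empty `$where` produces no WHERE clause at all, so db_update() and db_delete() would touch every row; consider refusing that case. A sketch of db_delete() and the joiner check follows.

```php
function db_delete($table, $where, $where_type='AND') {
  list($where_string, $where_values) = db_where_clause($where, $where_type);
  // Refuse an unconditional DELETE: an empty $where yields no WHERE clause.
  if ($where_string == '') {
    return FALSE;
  }
  // Brace the table as db_insert() does; a DELETE has no SET list or update values.
  $sql = 'DELETE FROM {' . $table . '}' . $where_string;
  return db_query($sql, $where_values);
}

function db_where_clause($where, $where_type='AND') {
  // Only the two documented joiners may be spliced into the statement.
  $where_type = (strtoupper($where_type) == 'OR') ? 'OR' : 'AND';
  // … unchanged: $params/$args loop and WHERE assembly …
```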
@@ -239,14 +239,22 @@
 $recipients[$key] = trim($recipient);
 }
 $form_values['recipients'] = implode(',', $recipients);
+ $fields['category'] = $form_values['category'];
+ $fields['recipients'] = $form_values['recipients'];
+ $fields['reply'] = $form_values['reply'];
+ $fields['weight'] = $form_values['weight'];
+ $fields['selected'] = $form_values['selected'];
 if (arg(3) == 'add') {
- db_query("INSERT INTO {contact} (category, recipients, reply, weight, selected) VALUES ('%s', '%s', '%s', %d, %d)", $form_values['category'], $form_values['recipients'], $form_values['reply'], $form_values['weight'], $form_values['selected']);
+ db_insert('contact', $fields);
+// db_query("INSERT INTO {contact} (category, recipients, reply, weight, selected) VALUES ('%s', '%s', '%s', %d, %d)", $form_values['category'], $form_values['recipients'], $form_values['reply'], $form_values['weight'], $form_values['selected']);
 drupal_set_message(t('Category %category has been added.', array('%category' => theme('placeholder', $form_values['category']))));
 watchdog('mail', t('Contact form: category %category added.', array('%category' => theme('placeholder', $form_values['category']))), WATCHDOG_NOTICE, l(t('view'), 'admin/contact'));
 }
 else {
- db_query("UPDATE {contact} SET category = '%s', recipients = '%s', reply = '%s', weight = %d, selected = %d WHERE cid = %d", $form_values['category'], $form_values['recipients'], $form_values['reply'], $form_values['weight'], $form_values['selected'], $form_values['cid']);
+ $where['cid'] = $form_values['cid'];
+ db_update('contact', $fields, $where);
+// db_query("UPDATE {contact} SET category = '%s', recipients = '%s', reply = '%s', weight = %d, selected = %d WHERE cid = %d", $form_values['category'], $form_values['recipients'], $form_values['reply'], $form_values['weight'], $form_values['selected'], $form_values['cid']);
 drupal_set_message(t('Category %category has been updated.', array('%category' => theme('placeholder', $form_values['category']))));
 watchdog('mail', t('Contact form: category %category updated.', array('%category' => theme('placeholder', $form_values['category']))), WATCHDOG_NOTICE, l(t('view'), 'admin/contact'));
 } k
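Review bot: The explicit `'%s'`/`%d` placeholders of the two replaced queries are lost in modules/contact.module: category, recipients and reply are now typed by is_numeric() inside db_insert()/db_update(), so a category named `2006` would be bound with `%d` rather than as a string. `$fields` and `$where` are filled by key without a visible `$fields = array();` / `$where = array();`; the enclosing function starts outside the hunk, so if either name is already set earlier, stale keys would reach the statement as column names. The two old db_query() calls are kept as `//` comments beside the new calls and should be deleted, since the revision history already records them.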