? cvs_get_vanilla.sh
Index: database/database.pgsql
===================================================================
RCS file: /cvs/drupal/drupal/database/database.pgsql,v
retrieving revision 1.143
diff -u -p -r1.143 database.pgsql
--- database/database.pgsql	5 Nov 2005 08:00:20 -0000	1.143
+++ database/database.pgsql	7 Nov 2005 12:32:51 -0000
@@ -161,7 +161,7 @@ CREATE TABLE boxes (
 
 CREATE TABLE cache (
   cid varchar(255) NOT NULL default '',
-  data text default '',
+  data bytea default '',
   expire integer NOT NULL default '0',
   created integer NOT NULL default '0',
   headers text default '',
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.70
diff -u -p -r1.70 bootstrap.inc
--- includes/bootstrap.inc	22 Oct 2005 15:14:46 -0000	1.70
+++ includes/bootstrap.inc	7 Nov 2005 12:32:51 -0000
@@ -319,12 +319,10 @@ function cache_get($key) {
  *   A string containing HTTP header information for cached pages.
  */
 function cache_set($cid, $data, $expire = CACHE_PERMANENT, $headers = NULL) {
-  $data = db_encode_blob($data);
-
   db_lock_table('cache');
-  db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d, headers = '%s' WHERE cid = '%s'", $data, time(), $expire, $headers, $cid);
+  db_query("UPDATE {cache} SET data = %b, created = %d, expire = %d, headers = '%s' WHERE cid = '%s'", $data, time(), $expire, $headers, $cid);
   if (!db_affected_rows()) {
-    @db_query("INSERT INTO {cache} (cid, data, created, expire, headers) VALUES ('%s', '%s', %d, %d, '%s')", $cid, $data, time(), $expire, $headers);
+    @db_query("INSERT INTO {cache} (cid, data, created, expire, headers) VALUES ('%s', %b, %d, %d, '%s')", $cid, $data, time(), $expire, $headers);
   }
   db_unlock_tables();
 }
Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.45
diff -u -p -r1.45 database.inc
--- includes/database.inc	12 Sep 2005 20:13:04 -0000	1.45
+++ includes/database.inc	7 Nov 2005 12:32:52 -0000
@@ -140,24 +140,48 @@ function db_set_active($name = 'default'
  *   A string containing an SQL query.
  * @param ...
  *   A variable number of arguments which are substituted into the query using
- *   printf() syntax. Instead of a variable number of query arguments, you may
- *   also pass a single array containing the query arguments.
+ *   printf() syntax. The query arguments can be enclosed in one array instead.
+ *
+ *   NOTE: Using this syntax will cast NULL and FALSE values to decimal 0, and TRUE values to decimal 1.
+ *
  * @return
  *   A database query result resource, or FALSE if the query was not executed
  *   correctly.
  */
 function db_query($query) {
-  $args = func_get_args();
+  $args = func_get_args(); 
+  array_shift($args); // Drop $query?
   $query = db_prefix_tables($query);
-  if (count($args) > 1) {
-    if (is_array($args[1])) {
-      $args = array_merge(array($query), $args[1]);
+  if (count($args) > 0) {
+    if (is_array($args[0])) {
+      $args = $args[0];
+    }
+    $new_query = '';
+    foreach (preg_split("/(%%|%s|%d|%f|%b)/", $query, -1, PREG_SPLIT_DELIM_CAPTURE) as $part) {
+      switch ($part) {
+        default: // Hmm what about %f or other valid printf flags?
+          $new_query .= $part;
+          break;
+        case '%%':
+          $new_query .= '%'; 
+          break;
+        case '%s': // %s needs to be inside of '' because of backward compatibility
+          $new_query .= db_escape_string(array_shift($args)); 
+          break;
+        case '%d': // We must use type casting to int to convert false/null/(true?) 
+          $new_query .= (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
+          break;
+        case '%f': 
+          $new_query .= (float) array_shift($args); // We don't need db_escape_string as numbers are db-safe
+          break;
+        case '%b': // binary data - needs special treatment depending on database type
+          $new_query .= db_encode_blob(array_shift($args)); 
+          break;
+      }
     }
-    $args = array_map('db_escape_string', $args);
-    $args[0] = $query;
-    $query = call_user_func_array('sprintf', $args);
+    return _db_query($new_query); 
   }
-  return _db_query($query);
+  return _db_query($query); 
 }
 
 /**
@@ -165,6 +189,7 @@ function db_query($query) {
  *
  * Echoes the query to the browser.
  */
+// FIXME needs updating - a clone of db_query()
 function db_queryd($query) {
   $args = func_get_args();
   $query = db_prefix_tables($query);
@@ -279,6 +304,8 @@ function db_rewrite_sql($query, $primary
   return $query;
 }
 
+
+
 /**
  * @} End of "defgroup database".
  */
Index: includes/database.mysql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysql.inc,v
retrieving revision 1.40
diff -u -p -r1.40 database.mysql.inc
--- includes/database.mysql.inc	4 Nov 2005 13:02:51 -0000	1.40
+++ includes/database.mysql.inc	7 Nov 2005 12:32:52 -0000
@@ -300,7 +300,7 @@ function db_query_temporary($query) {
  *  Encoded data.
  */
 function db_encode_blob($data) {
-  return $data;
+  return "'". mysql_real_escape_string($data) ."'";
 }
 
 /**
Index: includes/database.mysqli.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysqli.inc,v
retrieving revision 1.4
diff -u -p -r1.4 database.mysqli.inc
--- includes/database.mysqli.inc	20 Oct 2005 21:30:50 -0000	1.4
+++ includes/database.mysqli.inc	7 Nov 2005 12:32:52 -0000
@@ -305,7 +305,7 @@ function db_query_temporary($query) {
  *  Encoded data.
  */
 function db_encode_blob($data) {
-  return $data;
+  return "'". mysql_real_escape_string($data) ."'";
 }
 
 /**
Index: includes/database.pgsql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.pgsql.inc,v
retrieving revision 1.17
diff -u -p -r1.17 database.pgsql.inc
--- includes/database.pgsql.inc	4 Nov 2005 13:02:51 -0000	1.17
+++ includes/database.pgsql.inc	7 Nov 2005 12:32:52 -0000
@@ -278,6 +278,7 @@ function db_query_temporary($query) {
 
 /**
  * Returns a properly formatted Binary Large OBject value.
+ * In case of PostgreSQL encodes data for insert into bytea field.
  *
  * @param $data
  *   Data to encode.
@@ -285,11 +286,12 @@ function db_query_temporary($query) {
  *  Encoded data.
  */
 function db_encode_blob($data) {
-  return addcslashes($data, "\0..\37\\");
+  return "'". pg_escape_bytea($data) ."'";
 }
 
 /**
  * Returns text from a Binary Large OBject value.
+ * In case of PostgreSQL decodes data after select from bytea field.
  *
  * @param $data
  *   Data to decode.
@@ -297,7 +299,7 @@ function db_encode_blob($data) {
  *  Decoded data.
  */
 function db_decode_blob($data) {
-  return stripcslashes($data);
+  return pg_unescape_bytea($data);
 }
 
 /**