? sites/default/files
? sites/default/settings.php
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.788
diff -u -p -r1.788 common.inc
--- includes/common.inc	21 Aug 2008 19:36:36 -0000	1.788
+++ includes/common.inc	23 Aug 2008 17:34:49 -0000
@@ -3239,7 +3239,7 @@ function drupal_write_record($table, &$o
     $array = FALSE;
   }
 
-  $fields = $defs = $values = $serials = $placeholders = array();
+  $fields = $values = $serials = array();
 
   // Go through our schema, build SQL, and when inserting, fill in defaults for
   // fields that are not set.
@@ -3261,19 +3261,16 @@ function drupal_write_record($table, &$o
       unset($object->$field);
     }
 
-    // Build arrays for the fields, placeholders, and values in our query.
+    // Build arrays for the fields and values in our query.
     if (isset($object->$field)) {
-      $fields[] = $field;
-      $placeholders[] = db_type_placeholder($info['type']);
-
       if (empty($info['serialize'])) {
-        $values[] = $object->$field;
+        $fields[$field] = $object->$field;
       }
       elseif (!empty($object->$field)) {
-        $values[] = serialize($object->$field);
+        $fields[$field] = serialize($object->$field);
       }
       else {
-        $values[] = '';
+        $fields[$field] = '';
       }
     }
   }
@@ -3288,31 +3285,20 @@ function drupal_write_record($table, &$o
   }
 
   // Build the SQL.
-  $query = '';
   if (!count($update)) {
-    $query = "INSERT INTO {" . $table . "} (" . implode(', ', $fields) . ') VALUES (' . implode(', ', $placeholders) . ')';
+    $query = db_insert($table)->fields($fields);
     $return = SAVED_NEW;
   }
   else {
-    $query = '';
-    foreach ($fields as $id => $field) {
-      if ($query) {
-        $query .= ', ';
-      }
-      $query .= $field . ' = ' . $placeholders[$id];
-    }
-
     foreach ($update as $key){
-      $conditions[] = "$key = " . db_type_placeholder($schema['fields'][$key]['type']);
-      $values[] = $object->$key;
+      $values[$key] = $object->$key;
     }
-
-    $query = "UPDATE {" . $table . "} SET $query WHERE " . implode(' AND ', $conditions);
+    $query = db_merge($table)->key($values)->fields($fields);
     $return = SAVED_UPDATED;
   }
 
   // Execute the SQL.
-  if (db_query($query, $values)) {
+  if ($query->execute()) {
     if ($serials) {
       // Get last insert ids and fill them in.
       foreach ($serials as $field) {