? sites/default/files
? sites/default/settings.php
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.788
diff -u -p -r1.788 common.inc
--- includes/common.inc	21 Aug 2008 19:36:36 -0000	1.788
+++ includes/common.inc	27 Aug 2008 19:30:22 -0000
@@ -3239,7 +3239,7 @@ function drupal_write_record($table, &$o
     $array = FALSE;
   }
 
-  $fields = $defs = $values = $serials = $placeholders = array();
+  $fields = array();
 
   // Go through our schema, build SQL, and when inserting, fill in defaults for
   // fields that are not set.
@@ -3254,26 +3254,24 @@ function drupal_write_record($table, &$o
       $object->$field = $info['default'];
     }
 
-    // Track serial fields so we can helpfully populate them after the query.
+    // Track serial field so we can helpfully populate them after the query.
+    // NOTE: Each table should come with one serial field only.
     if ($info['type'] == 'serial') {
-      $serials[] = $field;
-      // Ignore values for serials when inserting data. Unsupported.
+      $serial = $field;
+      // Ignore values for serial when inserting data. Unsupported.
       unset($object->$field);
     }
 
-    // Build arrays for the fields, placeholders, and values in our query.
+    // Build arrays for the fields and values in our query.
     if (isset($object->$field)) {
-      $fields[] = $field;
-      $placeholders[] = db_type_placeholder($info['type']);
-
       if (empty($info['serialize'])) {
-        $values[] = $object->$field;
+        $fields[$field] = $object->$field;
       }
       elseif (!empty($object->$field)) {
-        $values[] = serialize($object->$field);
+        $fields[$field] = serialize($object->$field);
       }
       else {
-        $values[] = '';
+        $fields[$field] = '';
       }
     }
   }
@@ -3282,42 +3280,29 @@ function drupal_write_record($table, &$o
     // No changes requested.
     // If we began with an array, convert back so we don't surprise the caller.
     if ($array) {
-      $object = (array)$object;
+      $object = (array) $object;
     }
     return;
   }
 
   // Build the SQL.
-  $query = '';
   if (!count($update)) {
-    $query = "INSERT INTO {" . $table . "} (" . implode(', ', $fields) . ') VALUES (' . implode(', ', $placeholders) . ')';
+    $query = db_insert($table)->fields($fields);
     $return = SAVED_NEW;
   }
   else {
-    $query = '';
-    foreach ($fields as $id => $field) {
-      if ($query) {
-        $query .= ', ';
-      }
-      $query .= $field . ' = ' . $placeholders[$id];
-    }
-
+    $query = db_update($table)->fields($fields);
     foreach ($update as $key){
-      $conditions[] = "$key = " . db_type_placeholder($schema['fields'][$key]['type']);
-      $values[] = $object->$key;
+      $query->condition($key, $object->$key);
     }
-
-    $query = "UPDATE {" . $table . "} SET $query WHERE " . implode(' AND ', $conditions);
     $return = SAVED_UPDATED;
   }
 
   // Execute the SQL.
-  if (db_query($query, $values)) {
-    if ($serials) {
-      // Get last insert ids and fill them in.
-      foreach ($serials as $field) {
-        $object->$field = db_last_insert_id($table, $field);
-      }
+  if ($last_insert_id = $query->execute()) {
+    if ($serial) {
+      // Fill in last insert ids.
+      $object->$serial = $last_insert_id;
     }
   }
   else {