? sites/default/files
? sites/default/settings.php
Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.52
diff -u -p -r1.52 session.inc
--- includes/session.inc 23 Aug 2008 07:13:49 -0000 1.52
+++ includes/session.inc 30 Aug 2008 08:47:53 -0000
@@ -29,7 +29,7 @@ function sess_read($key) {
 }
 // Otherwise, if the session is still active, we have a record of the client's session in the database.
- $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid", array(':sid' => $key))->fetch();
+ $user = db_query("SELECT u.*, s.* FROM [{users}] u INNER JOIN [{sessions}] s ON u.[uid] = s.[uid] WHERE s.[sid] = :sid", array(':sid' => $key))->fetch();
 // We found the client's session record and they are an authenticated user
 if ($user && $user->uid > 0) {
@@ -39,7 +39,7 @@ function sess_read($key) {
 // Add roles element to $user
 $user->roles = array();
 $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
- $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid));
+ $result = db_query("SELECT r.[rid], r.[name] FROM [{role}] r INNER JOIN [{users_roles}] ur ON ur.[rid] = r.[rid] WHERE ur.[uid] = :uid", array(':uid' => $user->uid));
 while ($role = db_fetch_object($result)) {
 $user->roles[$role->rid] = $role->name;
 }
@@ -120,7 +120,7 @@ function sess_count($timestamp = 0, $ano
 * the session id
 */
 function sess_destroy_sid($sid) {
- db_query("DELETE FROM {sessions} WHERE sid = :sid", array(':sid' => $sid));
+ db_delete('sessions')->condition('sid', $sid)->execute();
 }
 /**
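Review bot: A table prefix that carries a schema or database qualifier would break the session lookup in sess_read, because the brackets wrap the whole prefixed token (`[{users}]`, `[{sessions}]`) and the substituted prefix ends up inside one quoted identifier instead of forming a qualified name. prefixTables() is outside this patch, so this is inferred from the order of the two rewrites in prepareQuery(). The roles query in the next hunk (`[{role}]`, `[{users_roles}]`) has the same shape. Either state in the escapeConstraints() docblock that qualified prefixes are unsupported, or quote the qualifier and the table name separately.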
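Review bot: The identifier quoting added by this patch reaches the converted DELETEs only if the delete builder quotes names itself, which the patch does not show. This applies to `db_delete('sessions')->condition('sid', $sid)` in sess_destroy_sid and to the same conversion in sess_destroy_uid and sess_gc in the following hunks. It matters most in sess_gc, where the column is `timestamp`, a reserved word or type name on several engines and the kind of conflict this patch sets out to remove. Please confirm that the builder quotes table and field names, or record the dependency in a comment above the delete in sess_gc.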
@@ -130,7 +130,7 @@ function sess_destroy_sid($sid) {
 * the user id
 */
 function sess_destroy_uid($uid) {
- db_query('DELETE FROM {sessions} WHERE uid = :uid', array(':uid' => $uid));
+ db_delete('sessions')->condition('uid', $uid)->execute();
 }
 function sess_gc($lifetime) {
@@ -139,7 +139,7 @@ function sess_gc($lifetime) {
 // for three weeks before deleting them, you need to set gc_maxlifetime
 // to '1814400'. At that value, only after a user doesn't log in after
 // three weeks (1814400 seconds) will his/her session be removed.
- db_query("DELETE FROM {sessions} WHERE timestamp < :timestamp", array(':timestamp' => time() - $lifetime));
+ db_delete('sessions')->condition('timestamp', time() - $lifetime, '<')->execute();
 return TRUE;
 }
Index: includes/database/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database/database.inc,v
retrieving revision 1.1
diff -u -p -r1.1 database.inc
--- includes/database/database.inc 21 Aug 2008 19:36:36 -0000 1.1
+++ includes/database/database.inc 30 Aug 2008 08:47:53 -0000
@@ -146,6 +146,11 @@ abstract class DatabaseConnection extend
 */
 public $lastStatement;
+ /**
+ * String to use to quote identifiers and names.
+ */
+ protected $nameQuote = '"';
+
 function __construct($dsn, $username, $password, $driver_options = array()) {
 $driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; // Because the other methods don't seem to work right.
 parent::__construct($dsn, $username, $password, $driver_options);
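Review bot: The docblock on `$nameQuote` does not say that the one string serves as both the opening and the closing delimiter, nor that it is spliced into the statement text without any escaping. A driver whose two delimiters differ cannot be described by this property, and a name that itself contains the quote character is not handled. Suggested wording: `Character placed on both sides of an identifier; driver classes override it (MySQL uses a backtick). It is inserted as-is, so names must not contain it.`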
@@ -248,6 +253,23 @@ abstract class DatabaseConnection extend
 }
 }
+ /**
+ * Escape all constraints in a query for reserved word conflict safe.
+ *
+ * Queries sent to Drupal should wrap all identifiers and names in square
+ * brackets. This function will search for this syntax and replace it as
+ * corresponding escape characters, based on the database engine specific
+ * requirement.
+ *
+ * @param $sql
+ * A string containing a partial or entire SQL query.
+ * @return
+ * The properly-escaped string.
+ */
+ protected function escapeConstraints($sql) {
+ return strtr($sql, array('[' => $this->nameQuote , ']' => $this->nameQuote));
+ }
+
 /**
 * Prepare a query string and return the prepared statement.
 *
@@ -263,6 +285,7 @@ abstract class DatabaseConnection extend
 protected function prepareQuery($query) {
 static $statements = array();
 $query = self::prefixTables($query);
+ $query = self::escapeConstraints($query);
 if (empty($statements[$query])) {
 $statements[$query] = parent::prepare($query);
 }
Index: includes/database/mysql/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database/mysql/database.inc,v
retrieving revision 1.1
diff -u -p -r1.1 database.inc
--- includes/database/mysql/database.inc 21 Aug 2008 19:36:36 -0000 1.1
+++ includes/database/mysql/database.inc 30 Aug 2008 08:47:53 -0000
@@ -14,6 +14,7 @@
 class DatabaseConnection_mysql extends DatabaseConnection {
 protected $transactionSupport;
+ protected $nameQuote = '`';
 public function __construct(Array $connection_options = array()) {
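Review bot: escapeConstraints() replaces every `[` and `]` in the statement text, not only the pairs around identifiers, so a bracket inside a string literal or pattern written into the SQL becomes a quote character and alters the statement. The text between the brackets is passed through unchanged, so a name containing the quote character would close the quoted identifier early; that matters wherever a table or column name is assembled from a variable. Restricting the rewrite to plain names narrows both problems: `return preg_replace('/\[(\w+)\]/', $this->nameQuote . '$1' . $this->nameQuote, $sql);`. The docblock should also state that only identifiers may be bracketed and that values belong in placeholders.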
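Review bot: `self::escapeConstraints($query)` in prepareQuery resolves to DatabaseConnection's own implementation, so a driver class that overrides this protected method would be bypassed; `$query = $this->escapeConstraints($query);` keeps it overridable. The call mirrors the existing `self::prefixTables($query)` line above it, which has the same limitation. prepareQuery's body continues past the end of the hunk.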