? sites/default/files
? sites/default/settings.php
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.888
diff -u -p -r1.888 user.module
--- modules/user/user.module	16 Jan 2008 22:54:41 -0000	1.888
+++ modules/user/user.module	18 Jan 2008 07:59:28 -0000
@@ -216,16 +216,16 @@ function user_save($account, $array = ar
     if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
       $array['access'] = time();
     }
+
+    $object = array();
     foreach ($array as $key => $value) {
       if ($key == 'pass' && !empty($value)) {
-        $query .= "$key = '%s', ";
-        $v[] = md5($value);
+        $object[$key] = md5($value);
       }
       else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
         if (in_array($key, $user_fields)) {
           // Save standard fields
-          $query .= "$key = '%s', ";
-          $v[] = $value;
+          $object[$key] = $value;
         }
         else if ($key != 'roles') {
           // Roles is a special case: it used below.
@@ -238,10 +238,10 @@ function user_save($account, $array = ar
         }
       }
     }
-    $query .= "data = '%s' ";
-    $v[] = serialize($data);
+    $object['data'] = serialize($data);
+    $object['uid'] = $account->uid;
 
-    $success = db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
+    $success = drupal_write_record('users', $object, 'uid');
     if (!$success) {
       // The query failed - better to abort the save than risk further data loss.
       return FALSE;
@@ -295,30 +295,17 @@ function user_save($account, $array = ar
     // Note, we wait with saving the data column to prevent module-handled
     // fields from being saved there. We cannot invoke hook_user('insert') here
     // because we don't have a fully initialized user object yet.
+    $object = array();
     foreach ($array as $key => $value) {
-      switch ($key) {
-        case 'pass':
-          $fields[] = $key;
-          $values[] = md5($value);
-          $s[] = "'%s'";
-          break;
-        case 'mode':       case 'sort':     case 'timezone':
-        case 'threshold':  case 'created':  case 'access':
-        case 'login':      case 'status':
-          $fields[] = $key;
-          $values[] = $value;
-          $s[] = "%d";
-          break;
-        default:
-          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
-            $fields[] = $key;
-            $values[] = $value;
-            $s[] = "'%s'";
-          }
-          break;
+      if ($key == 'pass') {
+        $object[$key] = md5($value);
+      }
+      else if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
+        $object[$key] = $value;
       }
     }
-    $success = db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
+
+    $success = drupal_write_record('users', $object);
     if (!$success) {
       // On a failed INSERT some other existing user's uid may be returned.  We
       // must abort to avoid overwirting their account.
@@ -326,7 +313,7 @@ function user_save($account, $array = ar
     }
     
     // Build the initial user object.
-    $array['uid'] = db_last_insert_id('users', 'uid');
+    $array['uid'] = $object['uid'];
     $user = user_load(array('uid' => $array['uid']));
 
     user_module_invoke('insert', $array, $user, $category);