db_query
Definition
db_query($query)
includes/database.inc, line 144
Description
Runs a basic query in the active database.
User-supplied arguments to the query should be passed in as separate parameters so that they can be properly escaped to avoid SQL injection attacks.
Parameters
$query A string containing an SQL query.
... A variable number of arguments which are substituted into the query using printf) syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.
Return value
A database query result resource, or FALSE if the query was not executed correctly.
Related topics
Name | Description |
|---|---|
| Database abstraction layer | Allow the use of different database servers using the same code base. |
Code
<?php
function db_query($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
if (is_array($args[1])) {
$args = array_merge(array($query), $args[1]);
}
$args = array_map('db_escape_string', $args);
$args[0] = $query;
$query = call_user_func_array('sprintf', $args);
}
return _db_query($query);
}
?>