Same name and namespace in other branches
- 4.7.x includes/database.inc \db_query()
- 5.x includes/database.inc \db_query()
- 6.x includes/database.pgsql.inc \db_query()
- 6.x includes/database.mysql-common.inc \db_query()
- 7.x includes/database/database.inc \db_query()
- 8.9.x core/includes/database.inc \db_query()
Runs a basic query in the active database.
User-supplied arguments to the query should be passed in as separate parameters so that they can be properly escaped to avoid SQL injection attacks.
Parameters
$query: A string containing an SQL query.
...: A variable number of arguments which are substituted into the query using printf() syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.
Return value
A database query result resource, or FALSE if the query was not executed correctly.
Related topics
245 calls to db_query()
- aggregator_block in modules/
aggregator.module - Implementation of hook_block().
- aggregator_cron in modules/
aggregator.module - Implementation of hook_cron().
- aggregator_form_feed in modules/
aggregator.module - aggregator_get_category in modules/
aggregator.module - aggregator_get_feed in modules/
aggregator.module
File
- includes/
database.inc, line 144 - Wrapper for database interface code.
Code
function db_query($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
if (is_array($args[1])) {
$args = array_merge(array(
$query,
), $args[1]);
}
$args = array_map('db_escape_string', $args);
$args[0] = $query;
$query = call_user_func_array('sprintf', $args);
}
return _db_query($query);
}