8.3.x database.inc db_query($query, array $args = [], array $options = [])
8.0.x database.inc db_query($query, array $args = array(), array $options = array())
8.1.x database.inc db_query($query, array $args = array(), array $options = array())
8.2.x database.inc db_query($query, array $args = array(), array $options = array())
8.4.x database.inc db_query($query, array $args = [], array $options = [])
4.6.x database.inc db_query($query)
4.7.x database.inc db_query($query)
5.x database.inc db_query($query)
6.x database.pgsql.inc db_query($query)
6.x database.mysql-common.inc db_query($query)
7.x database.inc db_query($query, array $args = array(), array $options = array())

Runs a basic query in the active database.

User-supplied arguments to the query should be passed in as separate parameters so that they can be properly escaped to avoid SQL injection attacks.

Parameters

$query: A string containing an SQL query.

...: A variable number of arguments which are substituted into the query using printf() syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.

Return value

A database query result resource, or FALSE if the query was not executed correctly.

Related topics

File

includes/database.inc, line 144
Wrapper for database interface code.

Code

function db_query($query) {
  $args = func_get_args();
  $query = db_prefix_tables($query);
  if (count($args) > 1) {
    if (is_array($args[1])) {
      $args = array_merge(array($query), $args[1]);
    }
    $args = array_map('db_escape_string', $args);
    $args[0] = $query;
    $query = call_user_func_array('sprintf', $args);
  }
  return _db_query($query);
}