Same name and namespace in other branches
  1. 4.7.x includes/database.inc \db_query()
  2. 5.x includes/database.inc \db_query()
  3. 6.x includes/database.pgsql.inc \db_query()
  4. 6.x includes/database.mysql-common.inc \db_query()
  5. 7.x includes/database/database.inc \db_query()
  6. 8.9.x core/includes/database.inc \db_query()

Runs a basic query in the active database.

User-supplied arguments to the query should be passed in as separate parameters so that they can be properly escaped to avoid SQL injection attacks.

Parameters

$query: A string containing an SQL query.

...: A variable number of arguments which are substituted into the query using printf() syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.

Return value

A database query result resource, or FALSE if the query was not executed correctly.

Related topics

Database abstraction layer
Allow the use of different database servers using the same code base.
245 calls to db_query()
aggregator_block in modules/aggregator.module
Implementation of hook_block().
aggregator_cron in modules/aggregator.module
Implementation of hook_cron().
aggregator_form_feed in modules/aggregator.module
aggregator_get_category in modules/aggregator.module
aggregator_get_feed in modules/aggregator.module

... See full list

File

includes/database.inc, line 144
Wrapper for database interface code.

Code

function db_query($query) {
  $args = func_get_args();
  $query = db_prefix_tables($query);
  if (count($args) > 1) {
    if (is_array($args[1])) {
      $args = array_merge(array(
        $query,
      ), $args[1]);
    }
    $args = array_map('db_escape_string', $args);
    $args[0] = $query;
    $query = call_user_func_array('sprintf', $args);
  }
  return _db_query($query);
}