8.5.x database.inc db_query($query, array $args = [], array $options = [])
8.0.x database.inc db_query($query, array $args = array(), array $options = array())
8.1.x database.inc db_query($query, array $args = array(), array $options = array())
8.2.x database.inc db_query($query, array $args = array(), array $options = array())
8.3.x database.inc db_query($query, array $args = [], array $options = [])
8.4.x database.inc db_query($query, array $args = [], array $options = [])
8.6.x database.inc db_query($query, array $args = [], array $options = [])
4.6.x database.inc db_query($query)
4.7.x database.inc db_query($query)
5.x database.inc db_query($query)
6.x database.pgsql.inc db_query($query)
6.x database.mysql-common.inc db_query($query)
7.x database.inc db_query($query, array $args = array(), array $options = array())

Runs a basic query in the active database.

User-supplied arguments to the query should be passed in as separate parameters so that they can be properly escaped to avoid SQL injection attacks.


$query: A string containing an SQL query.

...: A variable number of arguments which are substituted into the query using printf() syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.

Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose in '') and %%.

NOTE: using this syntax will cast NULL and FALSE values to decimal 0, and TRUE values to decimal 1.

Return value

Successful SELECT, SHOW, DESCRIBE, EXPLAIN, or other queries which return a set of results will return a database query result resource. Other successful queries will return TRUE and failing queries will return FALSE.

359 calls to db_query()
actions_delete in includes/actions.inc
Delete a single action from the database.
actions_do in includes/actions.inc
Perform a given list of actions by executing their callback functions.
actions_function_lookup in includes/actions.inc
Given an md5 hash of a function name, return the function name.
actions_get_all_actions in includes/actions.inc
Retrieves all action instances from the database.
actions_load in includes/actions.inc
Retrieve a single action from the database.

... See full list

1 string reference to 'db_query'
drupal_error_handler in includes/common.inc
Log errors as defined by administrator.


includes/database.mysql-common.inc, line 33
Functions shared between mysql and mysqli database engines.


function db_query($query) {
  $args = func_get_args();
  $query = db_prefix_tables($query);
  if (isset($args[0]) and is_array($args[0])) {

    // 'All arguments in one array' syntax
    $args = $args[0];
  _db_query_callback($args, TRUE);
  $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
  return _db_query($query);


fuerst’s picture

Note that curly brackets used as repetition quantifier in Regex's are removed as any other curly bracket. Pass the Regex as argument to db_query() instead like this:

db_query('SELECT name from {users} WHERE name RLIKE "%s"', '[a-z]{8}');
HylkeVDS’s picture

Also note that if you want your code to also run on postgresql you should use ' to quote strings, not "

db_query("SELECT name from {users} WHERE name RLIKE '%s'", '[a-z]{8}');

But then again, pgsql doesn't know RLIKE...

Bhargavi Moorthy’s picture

what does @db_query mean?

JayFid’s picture

boaz_r’s picture

Meaning this syntax will tell PHP to ignore errors generated by that very statement, and only for this statement.