- Accessibility
- Actions
- Blog
- Bootstrap
- Calendar
- Code Snippets
- Core Hacks
- Cron
- Development Environment
- Drupal 7
- Flash
- Forms
- Goodies
- Hooks
- Hosting
- Images
- Installation, Updating and Moving
- Internationalization
- Javascript/JQuery
- Learning Drupal (New Users)
- Login/User Management/Permissions
- Logs
- Menus
- Modules
- Nodes
- Paths
- Performance
- RSS
- Reference Sites
- Registry
- Reporting
- Reporting Bugs/Issues
- SEO
- Schema
- Search
- Security
- SimpleTest
- Sites
- Support
- Testing
- Themes
- Troubleshooting
- Upgrading
- User Groups
- Workflow
Submitted by captaindav on Wed, 2010-04-21 14:05
Use dbquery to run a query in the Drupal database.
The first parameter is the query as a text string. Then a variable number of parameters are permitted, each being a variable that is substituted into the query. This variable substitution is necessary to avoid SQL injection attacks.
For example:
dbquery("SELECT * FROM node INNERJOIN content_type_profile ON node.nid = content_type_profile.nid WHERE node.nid = %d", $nid);
$start = time();
$query = "SELECT * FROM node INNERJOIN content_type_profile ON node.nid = content_type_profile.nid WHERE node.nid = %d";
$result = dbquery($query, $nid);
//dpm($query); //Used for debugging
//dpm($result); //Used for debugging
$duration = time() - $start;
watchdog('gs_custom', 'Search query took '. $duration .'ms');
if ($result) {
while ($row = db_fetch_object($result)) {
$status = $row->status;
// Do something...
}
}
Available Substitution Placeholder:
%s => String
%d => Integer
%b => Binary
%f => Float
%% => Insert a literal %