db_query

4.6 database.inc db_query($query)
4.7 database.inc db_query($query)
5 database.inc db_query($query)
6 database.mysql-common.inc db_query($query)
6 database.pgsql.inc db_query($query)
7 database.inc db_query($query, array $args = array(), array $options = array())
8 database.inc db_query($query, array $args = array(), array $options = array())

Runs a basic query in the active database.

User-supplied arguments to the query should be passed in as separate parameters so that they can be properly escaped to avoid SQL injection attacks.

Parameters

$query: A string containing an SQL query.

...: A variable number of arguments which are substituted into the query using printf() syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.

Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose in '') and %%.

NOTE: using this syntax will cast NULL and FALSE values to decimal 0, and TRUE values to decimal 1.

Return value

A database query result resource, or FALSE if the query was not executed correctly.

Related topics

340 calls to db_query()

File

drupal/includes/database.inc, line 188
Wrapper for database interface code.

Code

function db_query($query) {
  $args = func_get_args();
  array_shift($args);
  $query = db_prefix_tables($query);
  if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
    $args = $args[0];
  }
  _db_query_callback($args, TRUE);
  $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
  return _db_query($query);
}