Database functions in customcode/dbUtility.php mix use of db_query and mysql_fetch_*. Additionally, many proprietary MySQL keywords are used in queries, making them less portable.
The attached patch modifies this file to accomplish the following:
- Use db_result and db_fetch_row instead of mysql_fetch_*
- Utilize Drupal's database escaping functionality to prevent possible vulnerabilities
- Use only ANSI SQL in queries (with two exceptions, accompanied by WARNING comments)
- Make database query logic more readable
- Enforce coding style standards
Thanks for the patch, Daniel. We are currently reviewing it and will let you know if we will accept it.
Moving to Patches
Was unable to apply this patch until I changed line 1 from
--- customcode/dbUtility.php-orig 2011-04-04 09:33:07.382328700 -0400
to
--- customcode/dbUtility.php 2011-04-04 09:33:07.382328700 -0400
Have attached the corrected file. Still evaluating the patch as a whole.
Daniel,
We cannot accept this patch as it seems to remove the functions isOMBUser and getUserAgency. Both of these are integral to almost all pages.
Patching functions in small chunks/batches for easier testability
The dbUtility-1.patch is the first of a series of patches that will address the functions in dbUtility.php one by one.
As always:
cd $webroot
patch -p0 < dbUtility-1.patch
Cleanup of four more functions in dbUtility.php
Daniel, since the functions in the dbUtility file are used throughout the site, it would require multiple regression test cycles from our end if you submit multiple patches. We would really appreciate it if you could make all your changes and submit them as one patch.