Database functions in customcode/dbUtility.php mix use of db_query and mysql_fetch_*. Additionally, many proprietary MySQL keywords are used in queries, making them less portable.
The attached patch modifies this file to accomplish the following:
- Use db_result and db_fetch_row instead of mysql_fetch_*
- Utilize Drupal's database escaping functionality to prevent possible vulnerabilities
- Use only ANSI SQL in queries (with two exceptions, accompanied by WARNING comments)
- Make database query logic more readable
- Enforce coding style standards