Code review (system)

system.install

Line 618: table names should be enclosed in {curly_brackets}

      if (!db_result(db_query("SELECT COUNT(*) FROM pg_proc WHERE proname = 'rand'"))) {

Line 625: table names should be enclosed in {curly_brackets}

      if (!db_result(db_query("SELECT COUNT(*) FROM pg_proc WHERE proname = 'concat'"))) {

Line 904: missing space after comma

      db_query("SELECT setval('{role}_rid_seq',". max(DRUPAL_ANONYMOUS_RID,DRUPAL_AUTHENTICATED_RID) .")");

Line 1855: In SQL strings, Use db_query() placeholders in place of variables. This is a protential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
```
    $ret[] = update_sql("INSERT INTO {sequences} (name, id) VALUES ('{node_revisions}_vid', $vid)");
```
Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));

Line 1903: Use ANSI standard <> instead of !=

  $result = db_query("SELECT nid, log FROM {book} WHERE log != ''");

Line 2096: string concatenation should be formatted without a space separating the operators (dot .) and a quote

                             "', '" . db_escape_string($links['description'][$i]) . "', 0, 118)");

Line 2101: In SQL strings, Use db_query() placeholders in place of variables. This is a protential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
```
      db_query("DELETE FROM {menu} WHERE mid={$menus[$loop]['pid']}");
```
Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));
Line 2113: string concatenation should be formatted without a space separating the operators (dot .) and a quote
```
    variable_del('phptemplate_' .$menus[$loop]['links_var']);
```
Line 2113: string concatenation should be formatted with a space separating the operators (dot .) and non-quote terms
```
    variable_del('phptemplate_' .$menus[$loop]['links_var']);
```
Line 2148: use a space between the closing parenthesis and the open bracket
```
function system_update_153(){
```
Line 2329: In SQL strings, Use db_query() placeholders in place of variables. This is a protential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
```
            $ret[] = update_sql("UPDATE {sequences} SET id = $vid WHERE name = '{node_revisions}_vid'");
```
Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));

Line 2614: string concatenation should be formatted without a space separating the operators (dot .) and a quote

  $ret[] = update_sql('DELETE FROM {users_roles} WHERE rid IN ('. DRUPAL_ANONYMOUS_RID. ', '. DRUPAL_AUTHENTICATED_RID. ')');

Line 2614: string concatenation should be formatted with a space separating the operators (dot .) and non-quote terms

  $ret[] = update_sql('DELETE FROM {users_roles} WHERE rid IN ('. DRUPAL_ANONYMOUS_RID. ', '. DRUPAL_AUTHENTICATED_RID. ')');

Line 2808: string concatenation should be formatted without a space separating the operators (dot .) and a quote

          $text = preg_replace('|'. $type .'\s*=\s*"'. preg_quote($url) .'\s*"|', $type. '="'.base_path(). $url  .'"', $text);

Line 2808: string concatenation should be formatted with a space separating the operators (dot .) and non-quote terms

          $text = preg_replace('|'. $type .'\s*=\s*"'. preg_quote($url) .'\s*"|', $type. '="'.base_path(). $url  .'"', $text);

bluemarine (core)	garland (active) (core)	minnelli (core)
chameleon (core)	marvin (core)	pushbutton (core)