Merge pull request #3708 from annando/dba-bugfix

Bugfix for pictures that weren't stored / reworked database calls
2017-09-16 07:24:56 +02:00 · 2017-09-16 07:24:56 +02:00 · 7e193cfb7a
parent 40fa941518 0eb92bf12a
commit 7e193cfb7a
20 changed files with 102 additions and 336 deletions
--- a/include/Contact.php
+++ b/include/Contact.php
@ -9,27 +9,27 @@ use Friendica\Network\Probe;
 // authorisation to do this.
 function user_remove($uid) {
-	if(! $uid)
+	if (!$uid) {
 		return;
 	}
 	logger('Removing user: ' . $uid);
-	$r = q("select * from user where uid = %d limit 1", intval($uid));
+	$r = dba::select('user', array(), array('uid' => $uid), array("limit" => 1));
-	call_hooks('remove_user',$r[0]);
+	call_hooks('remove_user',$r);
 	// save username (actually the nickname as it is guaranteed
 	// unique), so it cannot be re-registered in the future.
-	q("insert into userd ( username ) values ( '%s' )",
+	dba::insert('userd', array('username' => $r['nickname']));
 		$r[0]['nickname']
 	);
 	// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
 	q("UPDATE `user` SET `account_removed` = 1, `account_expires_on` = UTC_TIMESTAMP() WHERE `uid` = %d", intval($uid));
 	proc_run(PRIORITY_HIGH, "include/notifier.php", "removeme", $uid);
 	// Send an update to the directory
-	proc_run(PRIORITY_LOW, "include/directory.php", $r[0]['url']);
+	proc_run(PRIORITY_LOW, "include/directory.php", $r['url']);
 	if($uid == local_user()) {
 		unset($_SESSION['authenticated']);
--- a/include/Photo.php
+++ b/include/Photo.php
@ -628,92 +628,24 @@ class Photo {
 	public function store($uid, $cid, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '', $desc = '') {
-		$r = q("SELECT `guid` FROM `photo` WHERE `resource-id` = '%s' AND `guid` != '' LIMIT 1",
+		$r = dba::select('photo', array('guid'), array("`resource-id` = ? AND `guid` != ?", $rid, ''), array('limit' => 1));
 			dbesc($rid)
 		);
 		if (dbm::is_result($r)) {
-			$guid = $r[0]['guid'];
+			$guid = $r['guid'];
 		} else {
 			$guid = get_guid();
 		}
-		$x = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `contact-id` = %d AND `scale` = %d LIMIT 1",
+		$x = dba::select('photo', array('id'), array('resource-id' => $rid, 'uid' => $uid, 'contact-id' => $cid, 'scale' => $scale), array('limit' => 1));
 			dbesc($rid),
 			intval($uid),
 			intval($cid),
 			intval($scale)
 		);
 		if (dbm::is_result($x)) {
 			$r = q("UPDATE `photo`
 				SET `uid` = %d,
 				`contact-id` = %d,
 				`guid` = '%s',
 				`resource-id` = '%s',
 				`created` = '%s',
 				`edited` = '%s',
 				`filename` = '%s',
 				`type` = '%s',
 				`album` = '%s',
 				`height` = %d,
 				`width` = %d,
 				`datasize` = %d,
 				`data` = '%s',
 				`scale` = %d,
 				`profile` = %d,
 				`allow_cid` = '%s',
 				`allow_gid` = '%s',
 				`deny_cid` = '%s',
 				`deny_gid` = '%s',
 				`desc` = '%s'
 				WHERE `id` = %d",
-				intval($uid),
+		$fields = array('uid' => $uid, 'contact-id' => $cid, 'guid' => $guid, 'resource-id' => $rid, 'created' => datetime_convert(), 'edited' => datetime_convert(),
-				intval($cid),
+				'filename' => basename($filename), 'type' => $this->getType(), 'album' => $album, 'height' => $this->getHeight(), 'width' => $this->getWidth(),
-				dbesc($guid),
+				'datasize' => strlen($this->imageString()), 'data' => $this->imageString(), 'scale' => $scale, 'profile' => $profile,
-				dbesc($rid),
+				'allow_cid' => $allow_cid, 'allow_gid' => $allow_gid, 'deny_cid' => $deny_cid, 'deny_gid' => $deny_gid, 'desc' => $desc);
-				dbesc(datetime_convert()),
+
-				dbesc(datetime_convert()),
+		if (dbm::is_result($x)) {
-				dbesc(basename($filename)),
+			$r = dba::update('photo', $fields, array('id' => $x['id']));
 				dbesc($this->getType()),
 				dbesc($album),
 				intval($this->getHeight()),
 				intval($this->getWidth()),
 				dbesc(strlen($this->imageString())),
 				dbesc($this->imageString()),
 				intval($scale),
 				intval($profile),
 				dbesc($allow_cid),
 				dbesc($allow_gid),
 				dbesc($deny_cid),
 				dbesc($deny_gid),
 				dbesc($desc),
 				intval($x[0]['id'])
 			);
 		} else {
-			$r = q("INSERT INTO `photo`
+			$r = dba::insert('photo', $fields);
 				(`uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `datasize`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `desc`)
 				VALUES (%d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s')",
 				intval($uid),
 				intval($cid),
 				dbesc($guid),
 				dbesc($rid),
 				dbesc(datetime_convert()),
 				dbesc(datetime_convert()),
 				dbesc(basename($filename)),
 				dbesc($this->getType()),
 				dbesc($album),
 				intval($this->getHeight()),
 				intval($this->getWidth()),
 				dbesc(strlen($this->imageString())),
 				dbesc($this->imageString()),
 				intval($scale),
 				intval($profile),
 				dbesc($allow_cid),
 				dbesc($allow_gid),
 				dbesc($deny_cid),
 				dbesc($deny_gid),
 				dbesc($desc)
 			);
 		}
 		return $r;
--- a/include/dba.php
+++ b/include/dba.php
@ -7,11 +7,6 @@ require_once('include/datetime.php');
 /**
 * @class MySQL database class
 *
 * For debugging, insert 'dbg(1);' anywhere in the program flow.
 * dbg(0); will turn it off. Logging is performed at LOGGER_DATA level.
 * When logging, all binary info is converted to text and html entities are escaped so that
 * the debugging stream is safe to view within both terminals and web pages.
 *
 * This class is for the low level database stuff that does driver specific things.
 */
@ -242,10 +237,6 @@ class dba {
 		return $data;
 	}
 	public function dbg($dbg) {
 		$this->debug = $dbg;
 	}
 	public function escape($str) {
 		if ($this->db && $this->connected) {
 			switch ($this->driver) {
@ -1291,24 +1282,6 @@ class dba {
 	}
 }
 function printable($s) {
 	$s = preg_replace("~([\x01-\x08\x0E-\x0F\x10-\x1F\x7F-\xFF])~",".", $s);
 	$s = str_replace("\x00",'.',$s);
 	if (x($_SERVER,'SERVER_NAME')) {
 		$s = escape_tags($s);
 	}
 	return $s;
 }
 // Procedural functions
 function dbg($state) {
 	global $db;
 	if ($db) {
 		$db->dbg($state);
 	}
 }
 function dbesc($str) {
 	global $db;
@ -1361,76 +1334,6 @@ function q($sql) {
 	return $data;
 }
 /**
 * @brief Performs a query with "dirty reads" - deprecated
 *
 * Please use the dba:: functions instead:
 * dba::select, dba::exists, dba::insert
 * dba::delete, dba::update, dba::p, dba::e
 *
 * @param $args Query parameters (1 to N parameters of different types)
 * @return array Query array
 */
 function qu($sql) {
 	global $db;
 	$args = func_get_args();
 	unset($args[0]);
 	if ($db && $db->connected) {
 		$sql = $db->clean_query($sql);
 		$sql = $db->any_value_fallback($sql);
 		$stmt = @vsprintf($sql,$args); // Disabled warnings
 		if ($stmt === false)
 			logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true), LOGGER_DEBUG);
 		$db->log_index($stmt);
 		$retval = $db->q($stmt);
 		return $retval;
 	}
 	/**
 	 *
 	 * This will happen occasionally trying to store the
 	 * session data after abnormal program termination
 	 *
 	 */
 	logger('dba: no database: ' . print_r($args,true));
 	return false;
 }
 /**
 *
 * Raw db query, no arguments
 *
 */
 function dbq($sql) {
 	global $db;
 	if ($db && $db->connected) {
 		$ret = $db->q($sql);
 	} else {
 		$ret = false;
 	}
 	return $ret;
 }
 // Caller is responsible for ensuring that any integer arguments to
 // dbesc_array are actually integers and not malformed strings containing
 // SQL injection vectors. All integer array elements should be specifically
 // cast to int to avoid trouble.
 function dbesc_array_cb(&$item, $key) {
 	if (is_string($item))
 		$item = dbesc($item);
 }
 function dbesc_array(&$arr) {
 	if (is_array($arr) && count($arr)) {
 		array_walk($arr,'dbesc_array_cb');
 	}
 }
 function dba_timer() {
 	return microtime(true);
 }
--- a/include/dfrn.php
+++ b/include/dfrn.php
@ -1669,9 +1669,7 @@ class dfrn {
 		$msg["seen"] = 0;
 		$msg["replied"] = 0;
-		dbm::esc_array($msg, true);
+		dba::insert('mail', $msg);
 		$r = dbq("INSERT INTO `mail` (`".implode("`, `", array_keys($msg))."`) VALUES (".implode(", ", array_values($msg)).")");
 		// send notifications.
 		/// @TODO Arange this mess
--- a/include/items.php
+++ b/include/items.php
@ -955,7 +955,7 @@ function item_store($arr, $force_parent = false, $notify = false, $dontcache = f
 	 * An unique index would help - but the limitations of MySQL (maximum size of index values) prevent this.
 	 */
 	if ($arr["uid"] == 0) {
-		$r = qu("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = 0 LIMIT 1", dbesc(trim($arr['uri'])));
+		$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = 0 LIMIT 1", dbesc(trim($arr['uri'])));
 		if (dbm::is_result($r)) {
 			logger('Global item already stored. URI: '.$arr['uri'].' on network '.$arr['network'], LOGGER_DEBUG);
 			return 0;
--- a/include/message.php
+++ b/include/message.php
@ -60,22 +60,14 @@ function send_message($recipient=0, $body='', $subject='', $replyto=''){
 		$handles = $recip_handle . ';' . $sender_handle;
-		$r = q("insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ",
+		$fields = array('uid' => local_user(), 'guid' => $conv_guid, 'creator' => $sender_handle,
-			intval(local_user()),
+				'created' => datetime_convert(), 'updated' => datetime_convert(),
-			dbesc($conv_guid),
+				'subject' => $subject, 'recips' => $handles);
-			dbesc($sender_handle),
+		$r = dba::insert('conv', $fields);
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert()),
 			dbesc($subject),
 			dbesc($handles)
 		);
-		$r = q("select * from conv where guid = '%s' and uid = %d limit 1",
+		$r = dba::select('conv', array('id', array('guid' => $conv_guid, 'uid' => local_user())), array('limit' => 1));
 			dbesc($conv_guid),
 			intval(local_user())
 		);
 		if (dbm::is_result($r))
-			$convid = $r[0]['id'];
+			$convid = $r['id'];
 	}
 	if (! $convid) {
@ -194,28 +186,18 @@ function send_wallmessage($recipient='', $body='', $subject='', $replyto=''){
 	$handles = $recip_handle . ';' . $sender_handle;
-	$r = q("INSERT INTO `conv` (`uid`,`guid`,`creator`,`created`,`updated`,`subject`,`recips`) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ",
+	$fields = array('uid' => $recipient['uid'], 'guid' => $conv_guid, 'creator' => $sender_handle,
-		intval($recipient['uid']),
+			'created' => datetime_convert(), 'updated' => datetime_convert(),
-		dbesc($conv_guid),
+			'subject' => $subject, 'recips' => $handles);
-		dbesc($sender_handle),
+	$r = dba::insert('conv', $fields);
 		dbesc(datetime_convert()),
 		dbesc(datetime_convert()),
 		dbesc($subject),
 		dbesc($handles)
 	);
-	$r = q("SELECT * FROM `conv` WHERE `guid` = '%s' AND `uid` = %d LIMIT 1",
+	$r = dba::select('conv', array('id', array('guid' => $conv_guid, 'uid' => $recipient['uid'])), array('limit' => 1));
-		dbesc($conv_guid),
+	if (!dbm::is_result($r)) {
 		intval($recipient['uid'])
 	);
 	if (! dbm::is_result($r)) {
 		logger('send message: conversation not found.');
 		return -4;
 	}
-	$convid = $r[0]['id'];
+	$convid = $r['id'];
 	$r = q("INSERT INTO `mail` ( `uid`, `guid`, `convid`, `from-name`, `from-photo`, `from-url`,
 		`contact-id`, `title`, `body`, `seen`, `reply`, `replied`, `uri`, `parent-uri`, `created`, `unknown`)
--- a/include/photos.php
+++ b/include/photos.php
@ -48,7 +48,7 @@ function photo_albums($uid, $update = false) {
 		if (!Config::get('system', 'no_count', false)) {
 			/// @todo This query needs to be renewed. It is really slow
 			// At this time we just store the data in the cache
-			$albums = qu("SELECT COUNT(DISTINCT `resource-id`) AS `total`, `album`, ANY_VALUE(`created`) AS `created`
+			$albums = q("SELECT COUNT(DISTINCT `resource-id`) AS `total`, `album`, ANY_VALUE(`created`) AS `created`
 				FROM `photo`
 				WHERE `uid` = %d  AND `album` != '%s' AND `album` != '%s' $sql_extra
 				GROUP BY `album` ORDER BY `created` DESC",
@ -58,7 +58,7 @@ function photo_albums($uid, $update = false) {
 			);
 		} else {
 			// This query doesn't do the count and is much faster
-			$albums = qu("SELECT DISTINCT(`album`), '' AS `total`
+			$albums = q("SELECT DISTINCT(`album`), '' AS `total`
 				FROM `photo` USE INDEX (`uid_album_scale_created`)
 				WHERE `uid` = %d  AND `album` != '%s' AND `album` != '%s' $sql_extra",
 				intval($uid),
--- a/include/threads.php
+++ b/include/threads.php
@ -16,11 +16,7 @@ function add_thread($itemid, $onlyshadow = false) {
 	$item['iid'] = $itemid;
 	if (!$onlyshadow) {
-		$result = dbq("INSERT INTO `thread` (`"
+		$result = dba::insert('thread', $item);
 				.implode("`, `", array_keys($item))
 				."`) VALUES ('"
 				.implode("', '", array_values($item))
 				."')");
 		logger("Add thread for item ".$itemid." - ".print_r($result, true), LOGGER_DEBUG);
 	}
--- a/mod/admin.php
+++ b/mod/admin.php
@ -457,7 +457,7 @@ function admin_page_federation(App $a) {
 	foreach ($platforms as $p) {
 		// get a total count for the platform, the name and version of the
 		// highest version and the protocol tpe
-		$c = qu('SELECT COUNT(*) AS `total`, ANY_VALUE(`platform`) AS `platform`,
+		$c = q('SELECT COUNT(*) AS `total`, ANY_VALUE(`platform`) AS `platform`,
 				ANY_VALUE(`network`) AS `network`, MAX(`version`) AS `version` FROM `gserver`
 				WHERE `platform` LIKE "%s" AND `last_contact` >= `last_failure`
 				ORDER BY `version` ASC;', $p);
@ -465,7 +465,7 @@ function admin_page_federation(App $a) {
 		// what versions for that platform do we know at all?
 		// again only the active nodes
-		$v = qu('SELECT COUNT(*) AS `total`, `version` FROM `gserver`
+		$v = q('SELECT COUNT(*) AS `total`, `version` FROM `gserver`
 				WHERE `last_contact` >= `last_failure` AND `platform` LIKE "%s"
 				GROUP BY `version`
 				ORDER BY `version`;', $p);
@ -644,13 +644,13 @@ function admin_page_summary(App $a) {
 	logger('accounts: '.print_r($accounts,true),LOGGER_DATA);
-	$r = qu("SELECT COUNT(`id`) AS `count` FROM `register`");
+	$r = q("SELECT COUNT(`id`) AS `count` FROM `register`");
 	$pending = $r[0]['count'];
-	$r = qu("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
+	$r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
 	$queue = (($r) ? $r[0]['total'] : 0);
-	$r = qu("SELECT COUNT(*) AS `total` FROM `workerqueue` WHERE NOT `done`");
+	$r = q("SELECT COUNT(*) AS `total` FROM `workerqueue` WHERE NOT `done`");
 	$workerqueue = (($r) ? $r[0]['total'] : 0);
 	// We can do better, but this is a quick queue status
@ -1487,7 +1487,7 @@ function admin_page_users(App $a) {
 	/* get users */
-	$total = qu("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");
+	$total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");
 	if (count($total)) {
 		$a->set_pager_total($total[0]['total']);
 		$a->set_pager_itemspage(100);
@ -1522,7 +1522,7 @@ function admin_page_users(App $a) {
 	$sql_order = "`".str_replace('.','`.`',$order)."`";
 	$sql_order_direction = ($order_direction === "+")?"ASC":"DESC";
-	$users = qu("SELECT `user`.*, `contact`.`name`, `contact`.`url`, `contact`.`micro`, `user`.`account_expired`, `contact`.`last-item` AS `lastitem_date`
+	$users = q("SELECT `user`.*, `contact`.`name`, `contact`.`url`, `contact`.`micro`, `user`.`account_expired`, `contact`.`last-item` AS `lastitem_date`
 				FROM `user`
 				INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self`
 				WHERE `user`.`verified`
--- a/mod/delegate.php
+++ b/mod/delegate.php
@ -35,10 +35,7 @@ function delegate_content(App $a) {
 				dbesc(normalise_link(System::baseUrl() . '/profile/' . $r[0]['nickname']))
 			);
 			if (dbm::is_result($r)) {
-				q("insert into manage ( uid, mid ) values ( %d , %d ) ",
+				dba::insert('manage', array('uid' => $a->argv[2], 'mid' => local_user()));
 					intval($a->argv[2]),
 					intval(local_user())
 				);
 			}
 		}
 		goaway(System::baseUrl() . '/delegate');
--- a/mod/nodeinfo.php
+++ b/mod/nodeinfo.php
@ -188,7 +188,7 @@ function nodeinfo_cron() {
 	}
        logger('cron_start');
-	$users = qu("SELECT `user`.`uid`, `user`.`login_date`, `contact`.`last-item`
+	$users = q("SELECT `user`.`uid`, `user`.`login_date`, `contact`.`last-item`
 			FROM `user`
 			INNER JOIN `profile` ON `profile`.`uid` = `user`.`uid` AND `profile`.`is-default`
 			INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self`
@ -220,7 +220,7 @@ function nodeinfo_cron() {
 			Config::set('nodeinfo', 'active_users_monthly', $active_users_monthly);
 	}
-	$posts = qu("SELECT COUNT(*) AS local_posts FROM `thread` WHERE `thread`.`wall` AND `thread`.`uid` != 0");
+	$posts = q("SELECT COUNT(*) AS local_posts FROM `thread` WHERE `thread`.`wall` AND `thread`.`uid` != 0");
 	if (!is_array($posts)) {
 		$local_posts = -1;
@ -231,7 +231,7 @@ function nodeinfo_cron() {
        logger('local_posts: '.$local_posts, LOGGER_DEBUG);
-	$posts = qu("SELECT COUNT(*) FROM `contact`
+	$posts = q("SELECT COUNT(*) FROM `contact`
 			INNER JOIN `item` ON `item`.`contact-id` = `contact`.`id` AND `item`.`uid` = `contact`.`uid` AND
 				`item`.`id` != `item`.`parent` AND `item`.`network` IN ('%s', '%s', '%s')
 			WHERE `contact`.`self`",
--- a/mod/photo.php
+++ b/mod/photo.php
@ -74,7 +74,7 @@ function photo_init(App $a) {
 		$uid = str_replace(array('.jpg','.png'),array('',''), $person);
-		$r = qu("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
+		$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
 			intval($resolution),
 			intval($uid)
 		);
@ -104,7 +104,7 @@ function photo_init(App $a) {
 		}
        // check if the photo exists and get the owner of the photo
-		$r = qu("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
+		$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
 			dbesc($photo),
 			intval($resolution)
 		);
@ -114,7 +114,7 @@ function photo_init(App $a) {
 			// Now we'll see if we can access the photo
-			$r = qu("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
+			$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
 				dbesc($photo),
 				intval($resolution)
 			);
--- a/mod/photos.php
+++ b/mod/photos.php
@ -29,7 +29,7 @@ function photos_init(App $a) {
 	if ($a->argc > 1) {
 		$nick = $a->argv[1];
-		$user = qu("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
+		$user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
 			dbesc($nick)
 		);
@ -153,7 +153,7 @@ function photos_post(App $a) {
 			}
 			if ($contact_id) {
-				$r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 					intval($contact_id),
 					intval($page_owner_uid)
 				);
@ -170,7 +170,7 @@ function photos_post(App $a) {
 		killme();
 	}
-	$r = qu("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
+	$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
 		WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
 		intval($page_owner_uid)
 	);
@ -192,7 +192,7 @@ function photos_post(App $a) {
 			return; // NOTREACHED
 		}
-		$r = qu("SELECT `album` FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
+		$r = q("SELECT `album` FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
 			dbesc($album),
 			intval($page_owner_uid)
 		);
@ -1378,7 +1378,7 @@ function photos_content(App $a) {
 			else
 				$order = 'DESC';
-			$prvnxt = qu("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
+			$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
 				$sql_extra ORDER BY `created` $order ",
 				dbesc($ph[0]['album']),
 				intval($owner_uid)
@ -1478,7 +1478,7 @@ function photos_content(App $a) {
 		if (dbm::is_result($linked_items)) {
 			$link_item = $linked_items[0];
-			$r = qu("SELECT COUNT(*) AS `total`
+			$r = q("SELECT COUNT(*) AS `total`
 				FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
 				WHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0
 				AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
@ -1495,7 +1495,7 @@ function photos_content(App $a) {
 			}
-			$r = qu("SELECT `item`.*, `item`.`id` AS `item_id`,
+			$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
 				`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`,
 				`contact`.`rel`, `contact`.`thumb`, `contact`.`self`,
 				`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
@ -1835,7 +1835,7 @@ function photos_content(App $a) {
 	// Default - show recent photos with upload link (if applicable)
 	//$o = '';
-	$r = qu("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
+	$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
 		$sql_extra GROUP BY `resource-id`",
 		intval($a->data['user']['uid']),
 		dbesc('Contact Photos'),
@ -1846,7 +1846,7 @@ function photos_content(App $a) {
 		$a->set_pager_itemspage(20);
 	}
-	$r = qu("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`,
+	$r = q("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`,
 		ANY_VALUE(`type`) AS `type`, ANY_VALUE(`album`) AS `album`, max(`scale`) AS `scale`,
 		ANY_VALUE(`created`) AS `created` FROM `photo`
 		WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
--- a/mod/ping.php
+++ b/mod/ping.php
@ -118,7 +118,7 @@ function ping_init(App $a)
 		$notifs = ping_get_notifications(local_user());
-		$items_unseen = qu("SELECT `item`.`id`, `item`.`parent`, `item`.`verb`, `item`.`wall`, `item`.`author-name`,
+		$items_unseen = q("SELECT `item`.`id`, `item`.`parent`, `item`.`verb`, `item`.`wall`, `item`.`author-name`,
 				`item`.`contact-id`, `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object`,
 				`pitem`.`author-name` AS `pname`, `pitem`.`author-link` AS `plink`
 				FROM `item` INNER JOIN `item` AS `pitem` ON  `pitem`.`id` = `item`.`parent`
@ -167,13 +167,13 @@ function ping_init(App $a)
 			}
 		}
-		$intros1 = qu("SELECT  `intro`.`id`, `intro`.`datetime`,
+		$intros1 = q("SELECT  `intro`.`id`, `intro`.`datetime`,
 			`fcontact`.`name`, `fcontact`.`url`, `fcontact`.`photo`
 			FROM `intro` LEFT JOIN `fcontact` ON `intro`.`fid` = `fcontact`.`id`
 			WHERE `intro`.`uid` = %d  AND `intro`.`blocked` = 0 AND `intro`.`ignore` = 0 AND `intro`.`fid` != 0",
 			intval(local_user())
 		);
-		$intros2 = qu("SELECT `intro`.`id`, `intro`.`datetime`,
+		$intros2 = q("SELECT `intro`.`id`, `intro`.`datetime`,
 			`contact`.`name`, `contact`.`url`, `contact`.`photo`
 			FROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`
 			WHERE `intro`.`uid` = %d  AND `intro`.`blocked` = 0 AND `intro`.`ignore` = 0 AND `intro`.`contact-id` != 0",
@ -184,7 +184,7 @@ function ping_init(App $a)
 		$intros = $intros1 + $intros2;
 		$myurl = System::baseUrl() . '/profile/' . $a->user['nickname'] ;
-		$mails = qu("SELECT `id`, `from-name`, `from-url`, `from-photo`, `created` FROM `mail`
+		$mails = q("SELECT `id`, `from-name`, `from-url`, `from-photo`, `created` FROM `mail`
 			WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ",
 			intval(local_user()),
 			dbesc($myurl)
@ -192,7 +192,7 @@ function ping_init(App $a)
 		$mail_count = count($mails);
 		if ($a->config['register_policy'] == REGISTER_APPROVE && is_site_admin()){
-			$regs = qu("SELECT `contact`.`name`, `contact`.`url`, `contact`.`micro`, `register`.`created`, COUNT(*) AS `total`
+			$regs = q("SELECT `contact`.`name`, `contact`.`url`, `contact`.`micro`, `register`.`created`, COUNT(*) AS `total`
 				FROM `contact` RIGHT JOIN `register` ON `register`.`uid` = `contact`.`uid`
 				WHERE `contact`.`self` = 1");
@ -204,7 +204,7 @@ function ping_init(App $a)
 		$cachekey = "ping_init:".local_user();
 		$ev = Cache::get($cachekey);
 		if (is_null($ev)) {
-			$ev = qu("SELECT type, start, adjust FROM `event`
+			$ev = q("SELECT type, start, adjust FROM `event`
 				WHERE `event`.`uid` = %d AND `start` < '%s' AND `finish` > '%s' and `ignore` = 0
 				ORDER BY `start` ASC ",
 				intval(local_user()),
@ -424,7 +424,7 @@ function ping_get_notifications($uid)
 	$a = get_app();
 	do {
-		$r = qu("SELECT `notify`.*, `item`.`visible`, `item`.`spam`, `item`.`deleted`
+		$r = q("SELECT `notify`.*, `item`.`visible`, `item`.`spam`, `item`.`deleted`
 			FROM `notify` LEFT JOIN `item` ON `item`.`id` = `notify`.`iid`
 			WHERE `notify`.`uid` = %d AND `notify`.`msg` != ''
 			AND NOT (`notify`.`type` IN (%d, %d))
--- a/mod/profiles.php
+++ b/mod/profiles.php
@ -108,13 +108,7 @@ function profiles_init(App $a) {
 		$r1[0]['net-publish'] = 0;
 		$r1[0]['profile-name'] = dbesc($name);
-		dbm::esc_array($r1[0], true);
+		dba::insert('profile', $r1[0]);
 		$r2 = dbq("INSERT INTO `profile` (`"
 			. implode("`, `", array_keys($r1[0]))
 			. "`) VALUES ("
 			. implode(", ", array_values($r1[0]))
 			. ")" );
 		$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
 			intval(local_user()),
--- a/mod/proxy.php
+++ b/mod/proxy.php
@ -142,10 +142,10 @@ function proxy_init(App $a) {
 	$r = array();
 	if (!$direct_cache && ($cachefile == '')) {
-		$r = qu("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", $urlhash);
+		$r = dba::select('photo', array('data', 'desc'), array('resource-id' => $urlhash), array('limit' => 1));
 		if (dbm::is_result($r)) {
-			$img_str = $r[0]['data'];
+			$img_str = $r['data'];
-			$mime = $r[0]['desc'];
+			$mime = $r['desc'];
 			if ($mime == '') {
 				$mime = 'image/jpeg';
 			}
@ -181,23 +181,11 @@ function proxy_init(App $a) {
 				die();
 			}
-			q("INSERT INTO `photo`
+			$fields = array('uid' => 0, 'contact-id' => 0, 'guid' => get_guid(), 'resource-id' => $urlhash, 'created' => datetime_convert(), 'edited' => datetime_convert(),
-			( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
+				'filename' => basename($_REQUEST['url']), 'type' => '', 'album' => '', 'height' => imagesy($image), 'width' => imagesx($image),
-			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' )",
+				'datasize' => 0, 'data' => $img_str, 'scale' => 100, 'profile' => 0,
-				0, 0, get_guid(), dbesc($urlhash),
+				'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '', 'desc' => $mime);
-				dbesc(datetime_convert()),
+			dba::insert('photo', $fields);
 				dbesc(datetime_convert()),
 				dbesc(basename(dbesc($_REQUEST['url']))),
 				dbesc(''),
 				intval(imagesy($image)),
 				intval(imagesx($image)),
 				$mime,
 				dbesc($img_str),
 				100,
 				intval(0),
 				dbesc(''), dbesc(''), dbesc(''), dbesc('')
 			);
 		} else {
 			$img = new Photo($img_str, $mime);
 			if ($img->is_valid() && !$direct_cache && ($cachefile == '')) {
--- a/mod/search.php
+++ b/mod/search.php
@ -11,7 +11,7 @@ function search_saved_searches() {
 	$o = '';
-	if(! feature_enabled(local_user(),'savedsearch'))
+	if (! feature_enabled(local_user(),'savedsearch'))
 		return $o;
 	$r = q("SELECT `id`,`term` FROM `search` WHERE `uid` = %d",
@ -50,30 +50,23 @@ function search_init(App $a) {
 	$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
-	if(local_user()) {
+	if (local_user()) {
-		if(x($_GET,'save') && $search) {
+		if (x($_GET,'save') && $search) {
 			$r = q("SELECT * FROM `search` WHERE `uid` = %d AND `term` = '%s' LIMIT 1",
 				intval(local_user()),
 				dbesc($search)
 			);
-			if (! dbm::is_result($r)) {
+			if (!dbm::is_result($r)) {
-				q("INSERT INTO `search` (`uid`,`term`) VALUES ( %d, '%s')",
+				dbm::insert('search', array('uid' => local_user(), 'term' => $search));
 					intval(local_user()),
 					dbesc($search)
 				);
 			}
 		}
-		if(x($_GET,'remove') && $search) {
+		if (x($_GET,'remove') && $search) {
-			q("DELETE FROM `search` WHERE `uid` = %d AND `term` = '%s' LIMIT 1",
+			dbm::delete('search', array('uid' => local_user(), 'term' => $search));
 				intval(local_user()),
 				dbesc($search)
 			);
 		}
 		$a->page['aside'] .= search_saved_searches();
-	}
+	} else {
 	else {
 		unset($_SESSION['theme']);
 		unset($_SESSION['mobile-theme']);
 	}
@ -85,7 +78,7 @@ function search_init(App $a) {
 function search_post(App $a) {
-	if(x($_POST,'search'))
+	if (x($_POST,'search'))
 		$a->data['search'] = $_POST['search'];
 }
@ -135,13 +128,13 @@ function search_content(App $a) {
 	nav_set_selected('search');
-	if(x($a->data,'search'))
+	if (x($a->data,'search'))
 		$search = notags(trim($a->data['search']));
 	else
 		$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
 	$tag = false;
-	if(x($_GET,'tag')) {
+	if (x($_GET,'tag')) {
 		$tag = true;
 		$search = ((x($_GET,'tag')) ? notags(trim(rawurldecode($_GET['tag']))) : '');
 	}
@ -154,18 +147,18 @@ function search_content(App $a) {
 		'$content' => search($search,'search-box','search',((local_user()) ? true : false), false)
 	));
-	if(strpos($search,'#') === 0) {
+	if (strpos($search,'#') === 0) {
 		$tag = true;
 		$search = substr($search,1);
 	}
-	if(strpos($search,'@') === 0) {
+	if (strpos($search,'@') === 0) {
 		return dirfind_content($a);
 	}
-	if(strpos($search,'!') === 0) {
+	if (strpos($search,'!') === 0) {
 		return dirfind_content($a);
 	}
-	if(x($_GET,'search-option'))
+	if (x($_GET,'search-option'))
 		switch($_GET['search-option']) {
 			case 'fulltext':
 				break;
@ -180,7 +173,7 @@ function search_content(App $a) {
 				break;
 		}
-	if(! $search)
+	if (! $search)
 		return $o;
 	if (get_config('system','only_tag_search'))
@ -191,7 +184,7 @@ function search_content(App $a) {
 	// OR your own posts if you are a logged in member
 	// No items will be shown if the member has a blocked profile wall.
-	if($tag) {
+	if ($tag) {
 		logger("Start tag search for '".$search."'", LOGGER_DEBUG);
 		$r = q("SELECT %s
@ -224,7 +217,7 @@ function search_content(App $a) {
 	}
-	if($tag)
+	if ($tag)
 		$title = sprintf( t('Items tagged with: %s'), $search);
 	else
 		$title = sprintf( t('Results for: %s'), $search);
--- a/mod/settings.php
+++ b/mod/settings.php
@ -231,17 +231,12 @@ function settings_post(App $a) {
 					intval(local_user())
 				);
 				if (! dbm::is_result($r)) {
-					q("INSERT INTO `mailacct` (`uid`) VALUES (%d)",
+					dba::insert('mailacct', array('uid' => local_user()));
 						intval(local_user())
 					);
 				}
 				if(strlen($mail_pass)) {
 					$pass = '';
 					openssl_public_encrypt($mail_pass,$pass,$a->user['pubkey']);
-					q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d",
+					dba::update('mailacct', array('pass' => bin2hex($pass)), array('uid' => local_user()));
 						dbesc(bin2hex($pass)),
 						intval(local_user())
 					);
 				}
 				$r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',
 					`action` = %d, `movetofolder` = '%s',
--- a/mod/suggest.php
+++ b/mod/suggest.php
@ -39,10 +39,7 @@ function suggest_init(App $a) {
 		}
 		// Now check how the user responded to the confirmation query
 		if (!$_REQUEST['canceled']) {
-			q("INSERT INTO `gcign` ( `uid`, `gcid` ) VALUES ( %d, %d ) ",
+			dba::insert('gcign', array('uid' => local_user(), 'gcid' => $_GET['ignore']));
 				intval(local_user()),
 				intval($_GET['ignore'])
 			);
 		}
 	}
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@ -138,21 +138,12 @@ function wall_attach_post(App $a) {
 	$mimetype = z_mime_content_type($filename);
 	$hash = get_guid(64);
 	$created = datetime_convert();
-	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
+
-		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+	$fields = array('uid' => $page_owner_uid, 'hash' => $hash, 'filename' => $filename, 'filetype' => $mimetype,
-		intval($page_owner_uid),
+		'filesize' => $filesize, 'data' => $filedata, 'created' => $created, 'edited' => $created,
-		dbesc($hash),
+		'allow_cid' => '<' . $page_owner_cid . '>', 'allow_gid' => '','deny_cid' => '', 'deny_gid' => '');
-		dbesc($filename),
+
-		dbesc($mimetype),
+	$r = dba::insert('attach', $fields);
 		intval($filesize),
 		dbesc($filedata),
 		dbesc($created),
 		dbesc($created),
 		dbesc('<' . $page_owner_cid . '>'),
 		dbesc(''),
 		dbesc(''),
 		dbesc('')
 	);
 	@unlink($src);