0
@@ -64,10 +64,8 @@
0
       $options["from"] = (array) $options["from"];
0
       $options["select"] = (array) $options["select"];
0
 
0
-      if (is_numeric($id)) {
0
-        $options["where"][] = "id = :id";
0
-        $options["params"][":id"] = $id;
0
-      }
0
+      if (is_numeric($id))
0
+        $options["where"]["id"] = $id;
0
 
0
       $trigger = Trigger::current();
0
       $trigger->filter($options, $model_name."_grab");

0
@@ -56,7 +56,7 @@
0
           break;
0
         case "mysqli":
0
           foreach ($params as $name => $val)
0
-            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", "'".$this->escape($val)."'\\1", $query);
0
+            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", SQL::current()->escape($val)."\\1", $query);
0
 
0
           try {
0
             if (!$this->query = $this->db->query($query))
0
@@ -67,7 +67,7 @@
0
           break;
0
         case "mysql":
0
           foreach ($params as $name => $val)
0
-            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", "'".$this->escape($val)."'\\1", $query);
0
+            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", SQL::current()->escape($val)."\\1", $query);
0
 
0
           try {
0
             if (!$this->query = @mysql_query($query))
0
@@ -156,30 +156,6 @@
0
     }
0
 
0
     /**
0
-     * Function: escape
0
-     * Escapes a string, escaping things like $1 and C:\foo\bar so that they don't get borked by the preg_replace.
0
-     * This also handles calling the SQL connection method's "escape_string" functions.
0
-     */
0
-    public function escape($string) {
0
-      switch(SQL::current()->method()) {
0
-        case "pdo":
0
-          $string = $this->db->quote($string);
0
-          break;
0
-        case "mysqli":
0
-          $string = $this->db->escape_string($string);
0
-          break;
0
-        case "mysql":
0
-          $string = mysql_real_escape_string($string);
0
-          break;
0
-      }
0
-
0
-      $string = str_replace('\\', '\\\\', $string);
0
-      $string = str_replace('$', '\$', $string);
0
-
0
-      return $string;
0
-    }
0
-
0
-    /**
0
      * Function: handle
0
      * Handles exceptions thrown by failed queries.
0
      */

0
@@ -68,11 +68,11 @@
0
      * Function: build_update
0
      * Creates a full update query.
0
      */
0
-    public static function build_update($table, $conds, $data) {
0
+    public static function build_update($table, $conds, $data, &$params = array()) {
0
       return "
0
         UPDATE __$table
0
         SET ".self::build_update_values($data)."
0
-        ".($conds ? "WHERE ".self::build_where($conds, $table) : "")."
0
+        ".($conds ? "WHERE ".self::build_where($conds, $table, $params) : "")."
0
       ";
0
     }
0
 
0
@@ -80,10 +80,10 @@
0
      * Function: build_delete
0
      * Creates a full delete query.
0
      */
0
-    public static function build_delete($table, $conds) {
0
+    public static function build_delete($table, $conds, &$params = array()) {
0
       return "
0
         DELETE FROM __$table
0
-        ".($conds ? "WHERE ".self::build_where($conds, $table) : "")."
0
+        ".($conds ? "WHERE ".self::build_where($conds, $table, $params) : "")."
0
       ";
0
     }
0
 
0
@@ -118,11 +118,11 @@
0
      * Function: build_count
0
      * Creates a SELECT COUNT(1) query.
0
      */
0
-    public static function build_count($tables, $conds) {
0
+    public static function build_count($tables, $conds, &$params = array()) {
0
       $query = "
0
         SELECT COUNT(1) AS count
0
         FROM ".self::build_from($tables);
0
-      $query.= "\n\t\t\t\t".($conds ? "WHERE ".self::build_where($conds, $tables) : "");
0
+      $query.= "\n\t\t\t\t".($conds ? "WHERE ".self::build_where($conds, $tables, $params) : "");
0
       return $query;
0
     }
0
 
0
@@ -146,12 +146,11 @@
0
      * Function: build_where
0
      * Creates a WHERE query.
0
      */
0
-    public static function build_where($conds, $tables = null) {
0
-      $conditions = (array) $conds;
0
+    public static function build_where($conds, $tables = null, &$params = array()) {
0
+      $conds = (array) $conds;
0
       $tables = (array) $tables;
0
 
0
-      foreach ($conditions as &$condition)
0
-        self::tablefy($condition, $tables);
0
+      $conditions = self::build_conditions($conds, $params, $tables);
0
 
0
       return implode(" AND ", array_filter($conditions));
0
     }
0
@@ -186,19 +185,68 @@
0
       return implode(", ", $order);
0
     }
0
 
0
+    public static function build_conditions($conds, &$params, $tables) {
0
+      foreach ($conds as $key => $val) {
0
+        if (is_numeric($key)) # Full expression
0
+          $cond = $val;
0
+        else { # Key => Val expression
0
+          if (substr($key, -4) == " not") { # Negation
0
+            $key = substr($key, 0, -4);
0
+            if (is_array($val))
0
+              $cond = $key." NOT IN ".self::build_in($val);
0
+            elseif ($val === null)
0
+              $cond = $key." IS NOT NULL";
0
+            else {
0
+              $cond = $key." != :".$key;
0
+              $params[":".$key] = $val;
0
+            }
0
+          } elseif (substr($key, -5) == " like") { # LIKE
0
+            $key = substr($key, 0, -5);
0
+            $cond = $key." LIKE :".$key;
0
+            $params[":".$key] = $val;
0
+          } elseif (substr($key, -9) == " not like") { # NOT LIKE
0
+            $key = substr($key, 0, -9);
0
+            $cond = $key." NOT LIKE :".$key;
0
+            $params[":".$key] = $val;
0
+          } else { # Equation
0
+            if (is_array($val))
0
+              $cond = $key." IN ".self::build_in($val);
0
+            elseif ($val === null)
0
+              $cond = $key." IS NULL";
0
+            else {
0
+              $cond = $key." = :".$key;
0
+              $params[":".$key] = $val;
0
+            }
0
+          }
0
+        }
0
+
0
+        self::tablefy($cond, $tables);
0
+        $conditions[] = $cond;
0
+      }
0
+
0
+      return $conditions;
0
+    }
0
+
0
+    public static function build_in($vals) {
0
+      $return = array();
0
+      foreach ($vals as $val)
0
+        $return[] = SQL::current()->escape($val);
0
+      return "(".join(",", $return).")";
0
+    }
0
+
0
     /**
0
      * Function: build_select
0
      * Creates a full SELECT query.
0
      */
0
-    public static function build_select($tables, $fields, $conds, $order = null, $limit = null, $offset = null, $group = null, $left_join = null) {
0
+    public static function build_select($tables, $fields, $conds, $order = null, $limit = null, $offset = null, $group = null, $left_join = null, &$params = array()) {
0
       $query = "
0
         SELECT ".self::build_select_header($fields, $tables)."
0
         FROM ".self::build_from($tables);
0
       if (isset($left_join))
0
         foreach ($left_join as $join)
0
-          $query.= "\n\t\t\t\tLEFT JOIN __".$join["table"]." ON ".self::build_where($join["where"], $join["table"]);
0
+          $query.= "\n\t\t\t\tLEFT JOIN __".$join["table"]." ON ".self::build_where($join["where"], $join["table"], $params);
0
       $query.= "
0
-        ".($conds ? "WHERE ".self::build_where($conds, $tables) : "")."
0
+        ".($conds ? "WHERE ".self::build_where($conds, $tables, $params) : "")."
0
         ".($group ? "GROUP BY ".self::build_group($group, $tables) : "")."
0
         ".($order ? "ORDER BY ".self::build_order($order, $tables) : "")."
0
         ".self::build_limits($offset, $limit)."

0
@@ -194,7 +194,7 @@
0
      *     $params - An associative array of parameters used in the query.
0
      */
0
     public function count($tables, $conds = null, $params = array(), $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_count($tables, $conds), $params, $throw_exceptions)->fetchColumn();
0
+      return $this->query(QueryBuilder::build_count($tables, $conds, $params), $params, $throw_exceptions)->fetchColumn();
0
     }
0
 
0
     /**
0
@@ -213,7 +213,7 @@
0
      *     $left_join - An array of additional LEFT JOINs.
0
      */
0
     public function select($tables, $fields = "*", $conds = null, $order = null, $params = array(), $limit = null, $offset = null, $group = null, $left_join = null, $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_select($tables, $fields, $conds, $order, $limit, $offset, $group, $left_join), $params, $throw_exceptions);
0
+      return $this->query(QueryBuilder::build_select($tables, $fields, $conds, $order, $limit, $offset, $group, $left_join, $params), $params, $throw_exceptions);
0
     }
0
 
0
     /**
0
@@ -253,7 +253,7 @@
0
      *     $params - An associative array of parameters used in the query.
0
      */
0
     public function update($table, $conds, $data, $params = array(), $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_update($table, $conds, $data), $params, $throw_exceptions);
0
+      return $this->query(QueryBuilder::build_update($table, $conds, $data, $params), $params, $throw_exceptions);
0
     }
0
 
0
     /**
0
@@ -266,7 +266,7 @@
0
      *     $params - An associative array of parameters used in the query.
0
      */
0
     public function delete($table, $conds, $params = array(), $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_delete($table, $conds), $params, $throw_exceptions);
0
+      return $this->query(QueryBuilder::build_delete($table, $conds, $params), $params, $throw_exceptions);
0
     }
0
 
0
     /**
0
@@ -288,12 +288,27 @@
0
     }
0
 
0
     /**
0
-     * Function: current
0
-     * Returns a singleton reference to the current connection.
0
+     * Function: escape
0
+     * Escapes a string, escaping things like $1 and C:\foo\bar so that they don't get borked by the preg_replace.
0
+     * This also handles calling the SQL connection method's "escape_string" functions.
0
      */
0
-    public static function & current() {
0
-      static $instance = null;
0
-      return $instance = (empty($instance)) ? new self() : $instance ;
0
+    public function escape($string) {
0
+      switch(SQL::current()->method()) {
0
+        case "pdo":
0
+          $string = $this->db->quote($string);
0
+          break;
0
+        case "mysqli":
0
+          $string = "'".$this->db->escape_string($string)."'";
0
+          break;
0
+        case "mysql":
0
+          $string = "'".mysql_real_escape_string($string)."'";
0
+          break;
0
+      }
0
+
0
+      $string = str_replace('\\', '\\\\', $string);
0
+      $string = str_replace('$', '\$', $string);
0
+
0
+      return $string;
0
     }
0
 
0
     /**
0
@@ -343,6 +358,15 @@
0
     public function second_from_datetime($datetime) {
0
       return when("s", $datetime);
0
     }
0
+
0
+    /**
0
+     * Function: current
0
+     * Returns a singleton reference to the current connection.
0
+     */
0
+    public static function & current() {
0
+      static $instance = null;
0
+      return $instance = (empty($instance)) ? new self() : $instance ;
0
+    }
0
   }
0
 
0
   $sql = SQL::current();

0
@@ -183,16 +183,12 @@
0
       fallback($_GET['query'], "");
0
       list($where, $params) = keywords(urldecode($_GET['query']), "xml LIKE :query");
0
 
0
-      if (!empty($_GET['month'])) {
0
-        $where[] = "created_at LIKE :when";
0
-        $params[":when"] = $_GET['month']."-%";
0
-      }
0
+      if (!empty($_GET['month']))
0
+        $where["created_at like"] = $_GET['month']."-%";
0
 
0
       $visitor = Visitor::current();
0
-      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post")) {
0
-        $where[] = "user_id = :visitor_id";
0
-        $params[':visitor_id'] = $visitor->id;
0
-      }
0
+      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post"))
0
+        $where["user_id"] = $visitor->id;
0
 
0
       $this->context["posts"] = new Paginator(Post::find(array("placeholders" => true,
0
                                                                "drafts" => true,
0
@@ -243,7 +239,7 @@
0
         error(__("No ID Specified"), __("An ID is required to edit a page."));
0
 
0
       $this->context["page"] = new Page($_GET['id'], array("filter" => false));
0
-      $this->context["pages"] = Page::find(array("where" => "id != :id", "params" => array(":id" => $_GET['id'])));
0
+      $this->context["pages"] = Page::find(array("where" => array("id not" => $_GET['id'])));
0
     }
0
 
0
     /**
0
@@ -335,7 +331,9 @@
0
       fallback($_GET['query'], "");
0
       list($where, $params) = keywords(urldecode($_GET['query']), "(title LIKE :query OR body LIKE :query)");
0
 
0
-      $this->context["pages"] = new Paginator(Page::find(array("placeholders" => true, "where" => $where, "params" => $params)), 25);
0
+      $this->context["pages"] = new Paginator(Page::find(array("placeholders" => true,
0
+                                                               "where" => $where,
0
+                                                               "params" => $params)), 25);
0
     }
0
 
0
     /**
0
@@ -349,8 +347,8 @@
0
       $config = Config::current();
0
 
0
       $this->context["default_group"] = new Group($config->default_group);
0
-      $this->context["groups"] = Group::find(array("where" => array("id != :guest_id", "id != :default_id"),
0
-                                                   "params" => array(":guest_id" => $config->guest_group, ":default_id" => $config->default_group),
0
+      $this->context["groups"] = Group::find(array("where" => array("id not" => array($config->guest_group,
0
+                                                                                      $config->default_group)),
0
                                                    "order" => "id DESC"));
0
     }
0
 
0
@@ -368,8 +366,7 @@
0
       if (empty($_POST['login']))
0
         error(__("Error"), __("Please enter a username for your account."));
0
 
0
-      $check = new User(null, array("where" => "login = :login",
0
-                                    "params" => array(":login" => $_POST['login'])));
0
+      $check = new User(null, array("where" => array("login" => $_POST['login'])));
0
       if (!$check->no_results)
0
         error(__("Error"), __("That username is already in use."));
0
 
0
@@ -400,8 +397,7 @@
0
 
0
       $this->context["user"] = new User($_GET['id']);
0
       $this->context["groups"] = Group::find(array("order" => "id ASC",
0
-                                                   "where" => "id != :guest_id",
0
-                                                   "params" => array(":guest_id" => Config::current()->guest_group)));
0
+                                                   "where" => array("id not" => Config::current()->guest_group)));
0
     }
0
 
0
     /**
0
@@ -446,8 +442,7 @@
0
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete users."));
0
 
0
       $this->context["user"] = new User($_GET['id']);
0
-      $this->context["users"] = User::find(array("where" => "id != :deleting_id",
0
-                                                 "params" => array(":deleting_id" => $_GET['id'])));
0
+      $this->context["users"] = User::find(array("where" => array("id not" => $_GET['id'])));
0
     }
0
 
0
     /**
0
@@ -585,9 +580,8 @@
0
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete groups."));
0
 
0
       $this->context["group"] = new Group($_GET['id']);
0
-      $this->context["groups"] = Group::find(array("where" => "id != :group_id",
0
-                                                   "order" => "id ASC",
0
-                                                   "params" => array(":group_id" => $_GET['id'])));
0
+      $this->context["groups"] = Group::find(array("where" => array("id not" => $_GET['id']),
0
+                                                   "order" => "id ASC"));
0
     }
0
 
0
     /**
0
@@ -632,7 +626,7 @@
0
         show_403(__("Access Denied"), __("You do not have sufficient privileges to manage groups."));
0
 
0
       if (!empty($_GET['search'])) {
0
-        $user = new User(null, array("where" => "login = :search", "params" => array(":search" => $_GET['search'])));
0
+        $user = new User(null, array("where" => array("login" => $_GET['search'])));
0
         $this->context["groups"] = array($user->group());
0
       } else
0
         $this->context["groups"] = new Paginator(Group::find(array("placeholders" => true, "order" => "id ASC")), 10);

0
@@ -25,13 +25,11 @@
0
 
0
       if (isset($_GET['day']))
0
         $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                                "where" => "created_at LIKE :date",
0
-                                                "params" => array(":date" => $_GET['year']."-".$_GET['month']."-".$_GET['day']."%"))),
0
+                                                "where" => array("created_at like" => $_GET['year']."-".$_GET['month']."-".$_GET['day']."%"))),
0
                                Config::current()->posts_per_page);
0
       else
0
         $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                                "where" => "created_at LIKE :date",
0
-                                                "params" => array(":date" => $_GET['year']."-".$_GET['month']."%"))),
0
+                                                "where" => array("created_at like" => $_GET['year']."-".$_GET['month']."%"))),
0
                                Config::current()->posts_per_page);
0
     }
0
 
0
@@ -70,9 +68,8 @@
0
 
0
       global $posts;
0
       $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                              "where" => array("status = 'draft'",
0
-                                                               "user_id = :current_user"),
0
-                                              "params" => array(":current_user" => $visitor->id))),
0
+                                              "where" => array("status" => "draft",
0
+                                                               "user_id" => $visitor->id))),
0
                            Config::current()->posts_per_page);
0
     }
0
 
0
@@ -84,7 +81,7 @@
0
       global $page;
0
 
0
       if (!isset($page))
0
-        $page = new Page(null, array("where" => "url = :url", "params" => array(":url" => $_GET['url'])));
0
+        $page = new Page(null, array("where" => array("url" => $_GET['url'])));
0
     }
0
 
0
     /**
0
@@ -118,8 +115,7 @@
0
       $get = array_map("urldecode", $_GET);
0
 
0
       if (!$config->clean_urls)
0
-        $post = new Post(null, array("where" => "url = :url",
0
-                                     "params" => array(":url" => fallback($get['url']))));
0
+        $post = new Post(null, array("where" => array("url" => fallback($get['url']))));
0
       else
0
         $post = Post::from_url($route->post_url_attrs, array("drafts" => true));
0
 
0
@@ -187,8 +183,7 @@
0
       if (empty($_POST['login']))
0
         return Flash::warning(__("Please enter a username for your account."));
0
 
0
-      if (count(User::find(array("where" => "login = :login",
0
-                                 "params" => array(":login" => $_POST['login'])))))
0
+      if (count(User::find(array("where" => array("login" => $_POST['login'])))))
0
         Flash::warning(__("That username is already in use."));
0
 
0
       if (empty($_POST['password1']) and empty($_POST['password2']))
0
@@ -227,8 +222,7 @@
0
       fallback($_POST['password']);
0
 
0
       if (!User::authenticate($_POST['login'], md5($_POST['password'])))
0
-        if (!count(User::find(array("where" => "login = :login",
0
-                                   "params" => array(":login" => $_POST['login'])))))
0
+        if (!count(User::find(array("where" => array("login" => $_POST['login'])))))
0
           Flash::warning(__("There is no user with that login name."));
0
         else
0
           Flash::warning(__("Password incorrect."));
0
@@ -294,7 +288,7 @@
0
       if (empty($_POST))
0
         return;
0
 
0
-      $user = new User(null, array("where" => "login = :login", "params" => array(":login" => $_POST['login'])));
0
+      $user = new User(null, array("where" => array("login" => $_POST['login'])));
0
       if ($user->no_results)
0
         return Flash::warning(__("Invalid user specified."));
0
 

0
@@ -1551,17 +1551,14 @@
0
         $where[] = strtoupper($test)."(created_at) = :created_".$test;
0
         $params[":created_".$test] = $equals;
0
       } elseif ($test == "author") {
0
-        $user = new User(null, array("where" => "login = :login", "params" => array(":login" => $equals)));
0
-        $where[] = "user_id = :user_id";
0
-        $params[":user_id"] = $user->id;
0
+        $user = new User(null, array("where" => array("login" => $equals)));
0
+        $where["user_id"] = $user->id;
0
       } elseif ($test == "group") {
0
-        $group = new Group(null, array("where" => "name = :name", "params" => array(":name" => $equals)));
0
+        $group = new Group(null, array("where" => array("name" => $equals)));
0
         $test = "group_id";
0
         $equals = ($group->no_results) ? 0 : $group->id ;
0
-      } else {
0
-        $where[] = $test." = :".$test;
0
-        $params[":".$test] = $equals;
0
-      }
0
+      } else
0
+        $where[$test] = $equals;
0
     }
0
 
0
     if (!empty($search)) {

0
@@ -175,8 +175,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return User::find(array("where" => "group_id = :group_id",
0
-                              "params" => array(":group_id" => $this->id)));
0
+      return User::find(array("where" => array("group_id" => $this->id)));
0
     }
0
 
0
     /**

0
@@ -231,7 +231,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return self::find(array("where" => "parent_id = :id", "params" => array(":id" => $this->id)));
0
+      return self::find(array("where" => array("parent_id" => $this->id)));
0
     }
0
 
0
     /**

0
@@ -68,8 +68,8 @@
0
         $options["where"] = array();
0
 
0
       $has_status = false;
0
-      foreach ($options["where"] as $where)
0
-        if (substr_count($where, "status"))
0
+      foreach ($options["where"] as $key => $val)
0
+        if (is_int($key) and substr_count($val, "status") or $key == "status")
0
           $has_status = true;
0
 
0
       if (!XML_RPC) {
0
@@ -351,12 +351,12 @@
0
 
0
       # Can they edit their own posts, and do they have any?
0
       if ($visitor->group()->can("edit_own_post") and
0
-          Post::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       # Can they edit their own drafts, and do they have any?
0
       if ($visitor->group()->can("edit_own_draft") and
0
-          Post::find(array("where" => "status = 'draft' and user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("status" => "draft", "user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
0
@@ -380,12 +380,12 @@
0
 
0
       # Can they delete their own posts, and do they have any?
0
       if ($visitor->group()->can("delete_own_post") and
0
-          Post::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       # Can they delete their own drafts, and do they have any?
0
       if ($visitor->group()->can("delete_own_draft") and
0
-          Post::find(array("where" => "status = 'draft' and user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("status" => "draft", "user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
0
@@ -770,19 +770,17 @@
0
         if (in_array($attr, $times)) {
0
           $where[] = strtoupper($attr)."(created_at) = :created_".$attr;
0
           $params[':created_'.$attr] = $get[$attr];
0
-        } elseif ($attr == "author") {
0
-          $where[] = "user_id = :attrauthor";
0
-          $params[':attrauthor'] = SQL::current()->select("users",
0
+        } elseif ($attr == "author")
0
+          $where["user_id"] = SQL::current()->select("users",
0
                                                 "id",
0
                                                 "login = :login",
0
                                                 "id",
0
                                                 array(
0
                                                     ":login" => $get['author']
0
                                                 ), 1)->fetchColumn();
0
-        } elseif ($attr == "feathers") {
0
-          $where[] = "feather = :feather";
0
-          $params[':feather'] = depluralize($get['feathers']);
0
-        } else {
0
+        elseif ($attr == "feathers")
0
+          $where["feather"] = depluralize($get['feathers']);
0
+        else {
0
           $tokens = array($where, $params, $attr);
0
           Trigger::current()->filter($tokens, "post_url_token");
0
           list($where, $params, $attr) = $tokens;

0
@@ -42,8 +42,7 @@
0
      *     true - if a match is found.
0
      */
0
     static function authenticate($login, $password) {
0
-      $check = new self(null, array("where" => array("login = :login", "password = :password"),
0
-                                    "params" => array(":login" => $login, ":password" => $password)));
0
+      $check = new self(null, array("where" => array("login" => $login, "password" => $password)));
0
       return !$check->no_results;
0
     }
0
 
0
@@ -167,8 +166,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return Post::find(array("where" => "user_id = :user_id",
0
-                              "params" => array(":user_id" => $this->id)));
0
+      return Post::find(array("where" => array("user_id" => $this->id)));
0
     }
0
 
0
     /**
0
@@ -179,8 +177,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return Page::find(array("where" => "user_id = :user_id",
0
-                              "params" => array(":user_id" => $this->id)));
0
+      return Page::find(array("where" => array("user_id" => $this->id)));
0
     }
0
 
0
     /**

0
@@ -16,10 +16,8 @@
0
      */
0
     public function __construct() {
0
       if (isset($_SESSION['login']) and isset($_SESSION['password']))
0
-        parent::__construct(null, array("where"  => array("login = :login",
0
-                                                          "password = :password"),
0
-                                        "params" => array(":login"    => $_SESSION['login'],
0
-                                                          ":password" => $_SESSION['password'])));
0
+        parent::__construct(null, array("where"  => array("login"    => $_SESSION['login'],
0
+                                                          "password" => $_SESSION['password'])));
0
     }
0
 
0
     /**

0
@@ -86,8 +86,7 @@
0
                                         "timestamp" => $timestamp,
0
                                         "url" => url("archive/".when("Y/m/", $time->created_at)));
0
 
0
-          $archives[$timestamp]["posts"] = Post::find(array("where" => "created_at LIKE :created_at",
0
-                                                            "params" => array(":created_at" => when("Y-m", $time->created_at)."%")));
0
+          $archives[$timestamp]["posts"] = Post::find(array("where" => array("created_at like" => when("Y-m", $time->created_at)."%")));
0
         }
0
 
0
         $theme->load("pages/archive", array("archives" => $archives));

0
@@ -697,8 +697,7 @@
0
     }
0
 
0
     public function posts_export($atom, $post) {
0
-      $comments = Comment::find(array("where" => "post_id = :post_id",
0
-                                      "params" => array(":post_id" => $post->id)),
0
+      $comments = Comment::find(array("where" => array("post_id" => $post->id)),
0
                                 array("filter" => false));
0
 
0
       foreach ($comments as $comment) {

0
@@ -248,7 +248,7 @@
0
 
0
       # Can they edit their own comments, and do they have any?
0
       if ($visitor->group()->can("edit_own_comment") and
0
-          self::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          self::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
0
@@ -267,7 +267,7 @@
0
 
0
       # Can they delete their own comments, and do they have any?
0
       if ($visitor->group()->can("delete_own_comment") and
0
-          self::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          self::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;

0
@@ -179,7 +179,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean,) = self::parseTags($tags, $clean);
0
 
0
       $max_qty = max(array_values($tags));
0
       $min_qty = min(array_values($tags));
0
@@ -208,15 +208,13 @@
0
       list($where, $params) = keywords(urldecode($_GET['query']), "xml LIKE :query");
0
 
0
       $visitor = Visitor::current();
0
-      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post")) {
0
-        $where[] = "user_id = :visitor_id";
0
-        $params[':visitor_id'] = $visitor->id;
0
-      }
0
+      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post"))
0
+        $where["user_id"] = $visitor->id;
0
 
0
       $admin->context["posts"] = new Paginator(Post::find(array("placeholders" => true,
0
-                                                               "drafts" => true,
0
-                                                               "where" => $where,
0
-                                                               "params" => $params)), 25);
0
+                                                                "drafts" => true,
0
+                                                                "where" => $where,
0
+                                                                "params" => $params)), 25);
0
     }
0
 
0
     public function admin_rename_tag($admin) {
0
@@ -239,7 +237,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean,) = self::parseTags($tags, $clean);
0
 
0
       foreach ($tags as $tag => $count)
0
         if ($tag2clean[$tag] == $_GET['name'])
0
@@ -348,8 +346,7 @@
0
       global $posts;
0
 
0
       $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                              "where" => "tags.clean LIKE :tag",
0
-                                              "params" => array(":tag" => "%{{".$_GET['name']."}}%"))),
0
+                                              "where" => array("tags.clean like" => "%{{".$_GET['name']."}}%"))),
0
                              Config::current()->posts_per_page);
0
 
0
       return !empty($posts->paginated);
0
@@ -505,7 +502,7 @@
0
         return;
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags(array($post->unclean_tags), array($post->clean_tags));
0
+      list($tags, $clean, $tag2clean,) = self::parseTags(array($post->unclean_tags), array($post->clean_tags));
0
 
0
       $post->tags = array();
0
 
0
@@ -557,7 +554,7 @@
0
       if (!count($unclean))
0
         return array();
0
 
0
-      list($unclean, $clean, $tag2clean) = $this->parseTags($unclean, $clean);
0
+      list($unclean, $clean, $tag2clean,) = self::parseTags($unclean, $clean);
0
 
0
       foreach ($unclean as $name => $popularity)
0
         $unclean[$name] = array("name" => $name, "popularity" => $popularity, "url" => $tag2clean[$name]);
0
@@ -581,7 +578,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean, $clean2tag) = self::parseTags($tags, $clean);
0
 
0
       return $clean2tag[$clean_tag];
0
     }
0
@@ -594,7 +591,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean) = self::parseTags($tags, $clean);
0
 
0
       return $tag2clean[$unclean_tag];
0
     }
0
@@ -658,10 +655,11 @@
0
     # array("foo", "bar", "foo")
0
     # to
0
     # array("foo" => 2, "bar" => 1)
0
-    public function parseTags($tags, $clean) {
0
+    static function parseTags($tags, $clean) {
0
       $tags = array_count_values(explode(",", preg_replace("/\{\{([^\}]+)\}\}/", "\\1", implode(",", $tags))));
0
       $clean = array_count_values(explode(",", preg_replace("/\{\{([^\}]+)\}\}/", "\\1", implode(",", $clean))));
0
       $tag2clean = array_combine(array_keys($tags), array_keys($clean));
0
-      return array($tags, $clean, $tag2clean);
0
+      $clean2tag = array_combine(array_keys($clean), array_keys($tags));
0
+      return array($tags, $clean, $tag2clean, $clean2tag);
0
     }
0
   }