Version 18.9.7

2024-06-05 00:05:23 +02:00 · 2018-10-29 22:22:02 +01:00 · 2018-10-29 22:22:02 +01:00 · 163ea4e117
commit 163ea4e117
parent 98925a3bcc
11 changed files with 1237 additions and 1326 deletions
--- a/swad_changelog.h
+++ b/swad_changelog.h
@ -355,10 +355,11 @@ En OpenSWAD:
 ps2pdf source.ps destination.pdf
 */
-#define Log_PLATFORM_VERSION	"SWAD 18.9.6 (2018-10-29)"
+#define Log_PLATFORM_VERSION	"SWAD 18.9.7 (2018-10-29)"
 #define CSS_FILE		"swad18.4.css"
 #define JS_FILE			"swad17.17.1.js"
 /*
 	Version 18.9.7:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235705 lines)
 	Version 18.9.6:   Oct 29, 2018  Some sprintf for database queries changed by internal function.
 					Internal changes in messages. (235787 lines)
 	Version 18.9.5:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235775 lines)
--- a/swad_report.c
+++ b/swad_report.c
@ -991,7 +991,6 @@ static void Rep_GetAndWriteMyCurrentCrss (Rol_Role_t Role,
   extern const char *Txt_courses;
   extern const char *Txt_teachers_ABBREVIATION;
   extern const char *Txt_students_ABBREVIATION;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumCrss;
@ -1016,7 +1015,7 @@ static void Rep_GetAndWriteMyCurrentCrss (Rol_Role_t Role,
 	       Txt_students_ABBREVIATION);
      /***** Get courses of a user from database *****/
-      sprintf (Query,"SELECT crs_usr.CrsCod,log_full.CrsCod,COUNT(*) AS N"
+      DB_BuildQuery ("SELECT crs_usr.CrsCod,log_full.CrsCod,COUNT(*) AS N"
 	             " FROM crs_usr LEFT JOIN log_full ON"
 	             " (crs_usr.CrsCod=log_full.CrsCod"
 	             " AND crs_usr.UsrCod=log_full.UsrCod"
@ -1025,10 +1024,10 @@ static void Rep_GetAndWriteMyCurrentCrss (Rol_Role_t Role,
 	             " AND crs_usr.Role=%u"
 	             " GROUP BY crs_usr.CrsCod"
 	             " ORDER BY N DESC,log_full.CrsCod DESC",
-	       Gbl.Usrs.Me.UsrDat.UsrCod,(unsigned) Role);
+		     Gbl.Usrs.Me.UsrDat.UsrCod,(unsigned) Role);
      /***** List the courses (one row per course) *****/
-      if ((NumCrss = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get courses of a user")))
+      if ((NumCrss = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get courses of a user")))
 	{
 	 /* Heading row */
 	 fprintf (Gbl.F.Rep,"<ol>");
@ -1093,7 +1092,6 @@ static void Rep_GetAndWriteMyHistoricCrss (Rol_Role_t Role,
  {
   extern const char *Txt_Hits_as_a_USER;
   extern const char *Txt_ROLES_SINGUL_abc[Rol_NUM_ROLES][Usr_NUM_SEXS];
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumCrss;
@ -1101,17 +1099,17 @@ static void Rep_GetAndWriteMyHistoricCrss (Rol_Role_t Role,
   long CrsCod;
   /***** Get historic courses of a user from log *****/
-   sprintf (Query,"SELECT CrsCod,COUNT(*) AS N"
+   DB_BuildQuery ("SELECT CrsCod,COUNT(*) AS N"
 	          " FROM log_full"
 	          " WHERE UsrCod=%ld AND Role=%u AND CrsCod>0"
                  " GROUP BY CrsCod"
 	          " HAVING N>%u"
                  " ORDER BY N DESC",
-            Gbl.Usrs.Me.UsrDat.UsrCod,(unsigned) Role,
+		  Gbl.Usrs.Me.UsrDat.UsrCod,(unsigned) Role,
-            Rep_MIN_CLICKS_CRS);
+		  Rep_MIN_CLICKS_CRS);
   /***** List the courses (one row per course) *****/
-   if ((NumCrss = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get courses of a user")))
+   if ((NumCrss = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get courses of a user")))
     {
      /* Heading row */
      snprintf (Gbl.Title,sizeof (Gbl.Title),
@ -1216,7 +1214,6 @@ static void Rep_WriteRowCrsData (long CrsCod,Rol_Role_t Role,
 static void Rep_ShowMyHitsPerYear (bool AnyCourse,long CrsCod,Rol_Role_t Role,
                                   struct Rep_Report *Report)
  {
   char Query[1024];
   char SubQueryCrs[128];
   char SubQueryRol[128];
   MYSQL_RES *mysql_res;
@ -1238,17 +1235,17 @@ static void Rep_ShowMyHitsPerYear (bool AnyCourse,long CrsCod,Rol_Role_t Role,
   else
      sprintf (SubQueryRol," AND Role=%u",(unsigned) Role);
-   sprintf (Query,"SELECT SQL_NO_CACHE "
+   DB_BuildQuery ("SELECT SQL_NO_CACHE "
 		  "YEAR(CONVERT_TZ(ClickTime,@@session.time_zone,'UTC')) AS Year,"
 		  "COUNT(*) FROM log_full"
                  " WHERE ClickTime>=FROM_UNIXTIME(%ld)"
 		  " AND UsrCod=%ld%s%s"
 		  " GROUP BY Year DESC",
-            (long) Report->UsrFigures.FirstClickTimeUTC,
+		  (long) Report->UsrFigures.FirstClickTimeUTC,
-	    Gbl.Usrs.Me.UsrDat.UsrCod,
+		  Gbl.Usrs.Me.UsrDat.UsrCod,
-	    SubQueryCrs,
+		  SubQueryCrs,
-	    SubQueryRol);
+		  SubQueryRol);
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get clicks");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get clicks");
   /***** Initialize first year *****/
   Gbl.DateRange.DateIni.Date.Year = 1900 + Report->tm_FirstClickTime.tm_year;
@ -1393,7 +1390,6 @@ void Rep_RemoveUsrUsageReports (long UsrCod)
 static void Rep_RemoveUsrReportsFiles (long UsrCod)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumReports;
@ -1401,10 +1397,10 @@ static void Rep_RemoveUsrReportsFiles (long UsrCod)
   char PathUniqueDirReport[PATH_MAX + 1];
   /***** Get directories for the reports *****/
-   sprintf (Query,"SELECT UniqueDirL,UniqueDirR FROM usr_report"
+   DB_BuildQuery ("SELECT UniqueDirL,UniqueDirR FROM usr_report"
 	          " WHERE UsrCod=%ld",
-	    UsrCod);
+		  UsrCod);
-   NumReports = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's usage reports");
+   NumReports = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's usage reports");
   /***** Remove the reports *****/
   for (NumReport = 0;
--- a/swad_role.c
+++ b/swad_role.c
@ -335,7 +335,6 @@ void Rol_FlushCacheRoleUsrInCrs (void)
 Rol_Role_t Rol_GetRoleUsrInCrs (long UsrCod,long CrsCod)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
@ -354,10 +353,10 @@ Rol_Role_t Rol_GetRoleUsrInCrs (long UsrCod,long CrsCod)
   Gbl.Cache.RoleUsrInCrs.UsrCod = UsrCod;
   Gbl.Cache.RoleUsrInCrs.CrsCod = CrsCod;
   Gbl.Cache.RoleUsrInCrs.Role = Rol_UNK;
-   sprintf (Query,"SELECT Role FROM crs_usr"
+   DB_BuildQuery ("SELECT Role FROM crs_usr"
 		  " WHERE CrsCod=%ld AND UsrCod=%ld",
-	    CrsCod,UsrCod);
+		  CrsCod,UsrCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get the role of a user in a course") == 1)        // User belongs to the course
+   if (DB_QuerySELECT_new (&mysql_res,"can not get the role of a user in a course") == 1)        // User belongs to the course
     {
      row = mysql_fetch_row (mysql_res);
      Gbl.Cache.RoleUsrInCrs.Role = Rol_ConvertUnsignedStrToRole (row[0]);
@ -375,7 +374,6 @@ Rol_Role_t Rol_GetRoleUsrInCrs (long UsrCod,long CrsCod)
 void Rol_GetRolesInAllCrssIfNotYetGot (struct UsrData *UsrDat)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRole;
@ -385,11 +383,11 @@ void Rol_GetRolesInAllCrssIfNotYetGot (struct UsrData *UsrDat)
   if (UsrDat->Roles.InCrss < 0)	// Not yet filled
     {
      /***** Get distinct roles in all courses of the user from database *****/
-      sprintf (Query,"SELECT DISTINCT(Role) FROM crs_usr WHERE UsrCod=%ld",
+      DB_BuildQuery ("SELECT DISTINCT(Role) FROM crs_usr WHERE UsrCod=%ld",
-	       UsrDat->UsrCod);
+		     UsrDat->UsrCod);
-      NumRoles = (unsigned) DB_QuerySELECT (Query,&mysql_res,
+      NumRoles = (unsigned) DB_QuerySELECT_new (&mysql_res,
-					    "can not get the roles of a user"
+						"can not get the roles of a user"
-					    " in all his/her courses");
+						" in all his/her courses");
      for (NumRole = 0, UsrDat->Roles.InCrss = 0;
 	   NumRole < NumRoles;
 	   NumRole++)
@ -585,16 +583,15 @@ unsigned Rol_GetSelectedRoles (void)
 Rol_Role_t Rol_GetRequestedRole (long UsrCod)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   Rol_Role_t Role = Rol_UNK;
   /***** Get requested role from database *****/
-   sprintf (Query,"SELECT Role FROM crs_usr_requests"
+   DB_BuildQuery ("SELECT Role FROM crs_usr_requests"
                  " WHERE CrsCod=%ld AND UsrCod=%ld",
-            Gbl.CurrentCrs.Crs.CrsCod,UsrCod);
+		  Gbl.CurrentCrs.Crs.CrsCod,UsrCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get requested role"))
+   if (DB_QuerySELECT_new (&mysql_res,"can not get requested role"))
     {
      /***** Get role *****/
      row = mysql_fetch_row (mysql_res);
--- a/swad_session.c
+++ b/swad_session.c
@ -252,21 +252,20 @@ void Ses_RemoveExpiredSessions (void)
 bool Ses_GetSessionData (void)
  {
   char Query[256 + Cns_BYTES_SESSION_ID];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned UnsignedNum;
   bool Result = false;
   /***** Query data of session from database *****/
-   sprintf (Query,"SELECT UsrCod,Password,Role,"
+   DB_BuildQuery ("SELECT UsrCod,Password,Role,"
 	          "CtyCod,InsCod,CtrCod,DegCod,CrsCod,"
 	          "WhatToSearch,SearchStr"
 	          " FROM sessions WHERE SessionId='%s'",
-	    Gbl.Session.Id);
+		  Gbl.Session.Id);
   /***** Check if the session existed in the database *****/
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get data of session"))
+   if (DB_QuerySELECT_new (&mysql_res,"can not get data of session"))
     {
      row = mysql_fetch_row (mysql_res);
@ -404,7 +403,6 @@ unsigned Ses_GetHiddenParFromDB (Act_Action_t NextAction,
                                 const char *ParamName,char *ParamValue,
                                 size_t MaxBytes)
  {
   char Query[512 + Cns_BYTES_SESSION_ID];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
@ -416,10 +414,10 @@ unsigned Ses_GetHiddenParFromDB (Act_Action_t NextAction,
   if (Gbl.Session.IsOpen)	// If the session is open, get parameter from DB
     {
      /***** Get a hidden parameter from database *****/
-      sprintf (Query,"SELECT ParamValue FROM hidden_params"
+      DB_BuildQuery ("SELECT ParamValue FROM hidden_params"
                     " WHERE SessionId='%s' AND Action=%ld AND ParamName='%s'",
-               Gbl.Session.Id,Act_GetActCod (NextAction),ParamName);
+		     Gbl.Session.Id,Act_GetActCod (NextAction),ParamName);
-      NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get a hidden parameter");
+      NumRows = DB_QuerySELECT_new (&mysql_res,"can not get a hidden parameter");
      /***** Check if the parameter is found in database *****/
      if (NumRows)
--- a/swad_social.c
+++ b/swad_social.c
@ -249,7 +249,7 @@ static unsigned Soc_GetNumTimesACommHasBeenFav (struct SocialComment *SocCom);
 static void Soc_ShowUsrsWhoHaveSharedSocialNote (const struct SocialNote *SocNot);
 static void Soc_ShowUsrsWhoHaveMarkedSocialNoteAsFav (const struct SocialNote *SocNot);
 static void Soc_ShowUsrsWhoHaveMarkedSocialCommAsFav (const struct SocialComment *SocCom);
-static void Soc_ShowSharersOrFavers (unsigned NumUsrs,const char *Query);
+static void Soc_ShowSharersOrFavers (unsigned NumUsrs);
 static void Soc_GetDataOfSocialNotByCod (struct SocialNote *SocNot);
 static void Soc_GetDataOfSocialComByCod (struct SocialComment *SocCom);
@ -794,15 +794,14 @@ static void Soc_BuildQueryToGetTimeline (Soc_TimelineUsrOrGbl_t TimelineUsrOrGbl
 static long Soc_GetPubCodFromSession (const char *FieldName)
  {
   char Query[128 + Cns_BYTES_SESSION_ID];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   long PubCod;
   /***** Get last publishing code from database *****/
-   sprintf (Query,"SELECT %s FROM sessions WHERE SessionId='%s'",
+   DB_BuildQuery ("SELECT %s FROM sessions WHERE SessionId='%s'",
-            FieldName,Gbl.Session.Id);
+		  FieldName,Gbl.Session.Id);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get publishing code from session") != 1)
+   if (DB_QuerySELECT_new (&mysql_res,"can not get publishing code from session") != 1)
      Lay_ShowErrorAndExit ("Error when getting publishing code from session.");
   /***** Get last publishing code *****/
@ -1623,7 +1622,6 @@ static void Soc_WriteDateTime (time_t TimeUTC)
 static void Soc_GetAndWriteSocialPost (long PstCod)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
@ -1634,10 +1632,10 @@ static void Soc_GetAndWriteSocialPost (long PstCod)
   Img_ImageConstructor (&Image);
   /***** Get social post from database *****/
-   sprintf (Query,"SELECT Content,ImageName,ImageTitle,ImageURL"
+   DB_BuildQuery ("SELECT Content,ImageName,ImageTitle,ImageURL"
 	          " FROM social_posts WHERE PstCod=%ld",
-            PstCod);
+		  PstCod);
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get the content of a social post");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get the content of a social post");
   /***** Result should have a unique row *****/
   if (NumRows == 1)
@ -2411,7 +2409,6 @@ static unsigned long Soc_GetNumCommentsInSocialNote (long NotCod)
 static void Soc_WriteCommentsInSocialNote (const struct SocialNote *SocNot)
  {
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumComments;
@ -2419,7 +2416,7 @@ static void Soc_WriteCommentsInSocialNote (const struct SocialNote *SocNot)
   struct SocialComment SocCom;
   /***** Get comments of this social note from database *****/
-   sprintf (Query,"SELECT social_pubs.PubCod,social_pubs.PublisherCod,"
+   DB_BuildQuery ("SELECT social_pubs.PubCod,social_pubs.PublisherCod,"
 		  "social_pubs.NotCod,"
 		  "UNIX_TIMESTAMP(social_pubs.TimePublish),"
 		  "social_comments.Content,"
@ -2431,8 +2428,8 @@ static void Soc_WriteCommentsInSocialNote (const struct SocialNote *SocNot)
                  " AND social_pubs.PubType=%u"
 		  " AND social_pubs.PubCod=social_comments.PubCod"
 		  " ORDER BY social_pubs.PubCod",
-	    SocNot->NotCod,(unsigned) Soc_PUB_COMMENT_TO_NOTE);
+		  SocNot->NotCod,(unsigned) Soc_PUB_COMMENT_TO_NOTE);
-   NumComments = DB_QuerySELECT (Query,&mysql_res,"can not get social comments");
+   NumComments = DB_QuerySELECT_new (&mysql_res,"can not get social comments");
   /***** List comments *****/
   if (NumComments)	// Comments to this social note found
@ -3719,14 +3716,13 @@ static void Soc_RemoveSocialNote (void)
 static void Soc_RemoveImgFileFromSocialPost (long PstCod)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   /***** Get name of image associated to a social post from database *****/
-   sprintf (Query,"SELECT ImageName FROM social_posts WHERE PstCod=%ld",
+   DB_BuildQuery ("SELECT ImageName FROM social_posts WHERE PstCod=%ld",
-	    PstCod);
+		  PstCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get image"))
+   if (DB_QuerySELECT_new (&mysql_res,"can not get image"))
     {
      /***** Get image name (row[0]) *****/
      row = mysql_fetch_row (mysql_res);
@ -3844,15 +3840,14 @@ static void Soc_RemoveASocialNoteFromDB (struct SocialNote *SocNot)
 static long Soc_GetNotCodOfSocialPublishing (long PubCod)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   long NotCod = -1L;
   /***** Get code of social note from database *****/
-   sprintf (Query,"SELECT NotCod FROM social_pubs WHERE PubCod=%ld",
+   DB_BuildQuery ("SELECT NotCod FROM social_pubs WHERE PubCod=%ld",
-	    PubCod);
+		  PubCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get code of social note") == 1)   // Result should have a unique row
+   if (DB_QuerySELECT_new (&mysql_res,"can not get code of social note") == 1)   // Result should have a unique row
     {
      /* Get code of social note */
      row = mysql_fetch_row (mysql_res);
@ -3871,16 +3866,15 @@ static long Soc_GetNotCodOfSocialPublishing (long PubCod)
 static long Soc_GetPubCodOfOriginalSocialNote (long NotCod)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   long OriginalPubCod = -1L;
   /***** Get code of social publishing of the original note *****/
-   sprintf (Query,"SELECT PubCod FROM social_pubs"
+   DB_BuildQuery ("SELECT PubCod FROM social_pubs"
 		  " WHERE NotCod=%ld AND PubType=%u",
-	    NotCod,(unsigned) Soc_PUB_ORIGINAL_NOTE);
+		  NotCod,(unsigned) Soc_PUB_ORIGINAL_NOTE);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get code of social publishing") == 1)   // Result should have a unique row
+   if (DB_QuerySELECT_new (&mysql_res,"can not get code of social publishing") == 1)   // Result should have a unique row
     {
      /* Get code of social publishing (row[0]) */
      row = mysql_fetch_row (mysql_res);
@ -4064,14 +4058,13 @@ static void Soc_RemoveSocialComment (void)
 static void Soc_RemoveImgFileFromSocialComment (long PubCod)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   /***** Get name of image associated to a social post from database *****/
-   sprintf (Query,"SELECT ImageName FROM social_comments WHERE PubCod=%ld",
+   DB_BuildQuery ("SELECT ImageName FROM social_comments WHERE PubCod=%ld",
-	    PubCod);
+		  PubCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get image"))
+   if (DB_QuerySELECT_new (&mysql_res,"can not get image"))
     {
      /***** Get image name (row[0]) *****/
      row = mysql_fetch_row (mysql_res);
@ -4308,19 +4301,17 @@ static unsigned Soc_GetNumTimesACommHasBeenFav (struct SocialComment *SocCom)
 static void Soc_ShowUsrsWhoHaveSharedSocialNote (const struct SocialNote *SocNot)
  {
   char Query[256];
   /***** Get users who have shared this note *****/
-   sprintf (Query,"SELECT PublisherCod FROM social_pubs"
+   DB_BuildQuery ("SELECT PublisherCod FROM social_pubs"
 		  " WHERE NotCod=%ld"
 		  " AND PublisherCod<>%ld"
 		  " AND PubType=%u"
 		  " ORDER BY PubCod LIMIT %u",
-	    SocNot->NotCod,
+		  SocNot->NotCod,
-	    SocNot->UsrCod,
+		  SocNot->UsrCod,
-	    (unsigned) Soc_PUB_SHARED_NOTE,
+		  (unsigned) Soc_PUB_SHARED_NOTE,
-	    Soc_MAX_SHARERS_FAVERS_SHOWN);
+		  Soc_MAX_SHARERS_FAVERS_SHOWN);
-   Soc_ShowSharersOrFavers (SocNot->NumShared,Query);
+   Soc_ShowSharersOrFavers (SocNot->NumShared);
  }
 /*****************************************************************************/
@ -4329,17 +4320,15 @@ static void Soc_ShowUsrsWhoHaveSharedSocialNote (const struct SocialNote *SocNot
 static void Soc_ShowUsrsWhoHaveMarkedSocialNoteAsFav (const struct SocialNote *SocNot)
  {
   char Query[256];
   /***** Get users who have marked this note as favourite *****/
-   sprintf (Query,"SELECT UsrCod FROM social_notes_fav"
+   DB_BuildQuery ("SELECT UsrCod FROM social_notes_fav"
 		  " WHERE NotCod=%ld"
 		  " AND UsrCod<>%ld"	// Extra check
 		  " ORDER BY FavCod LIMIT %u",
-	    SocNot->NotCod,
+		  SocNot->NotCod,
-	    SocNot->UsrCod,
+		  SocNot->UsrCod,
-	    Soc_MAX_SHARERS_FAVERS_SHOWN);
+		  Soc_MAX_SHARERS_FAVERS_SHOWN);
-   Soc_ShowSharersOrFavers (SocNot->NumFavs,Query);
+   Soc_ShowSharersOrFavers (SocNot->NumFavs);
  }
 /*****************************************************************************/
@ -4348,17 +4337,15 @@ static void Soc_ShowUsrsWhoHaveMarkedSocialNoteAsFav (const struct SocialNote *S
 static void Soc_ShowUsrsWhoHaveMarkedSocialCommAsFav (const struct SocialComment *SocCom)
  {
   char Query[256];
   /***** Get users who have marked this comment as favourite *****/
-   sprintf (Query,"SELECT UsrCod FROM social_comments_fav"
+   DB_BuildQuery ("SELECT UsrCod FROM social_comments_fav"
 		  " WHERE PubCod=%ld"
 		  " AND UsrCod<>%ld"	// Extra check
 		  " ORDER BY FavCod LIMIT %u",
-	    SocCom->PubCod,
+		  SocCom->PubCod,
-	    SocCom->UsrCod,
+		  SocCom->UsrCod,
-	    Soc_MAX_SHARERS_FAVERS_SHOWN);
+		  Soc_MAX_SHARERS_FAVERS_SHOWN);
-   Soc_ShowSharersOrFavers (SocCom->NumFavs,Query);
+   Soc_ShowSharersOrFavers (SocCom->NumFavs);
  }
 /*****************************************************************************/
@ -4366,7 +4353,7 @@ static void Soc_ShowUsrsWhoHaveMarkedSocialCommAsFav (const struct SocialComment
 /*****************************************************************************/
 // All forms in this function and nested functions must have unique identifiers
-static void Soc_ShowSharersOrFavers (unsigned NumUsrs,const char *Query)
+static void Soc_ShowSharersOrFavers (unsigned NumUsrs)
  {
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
@ -4384,7 +4371,7 @@ static void Soc_ShowSharersOrFavers (unsigned NumUsrs,const char *Query)
   if (NumUsrs)
     {
      /***** Get list of users from database *****/
-      NumFirstUsrs = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get users");
+      NumFirstUsrs = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get users");
      if (NumFirstUsrs)
 	{
 	 /***** Initialize structure with user's data *****/
@ -4440,18 +4427,17 @@ static void Soc_ShowSharersOrFavers (unsigned NumUsrs,const char *Query)
 static void Soc_GetDataOfSocialNotByCod (struct SocialNote *SocNot)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   if (SocNot->NotCod > 0)
     {
      /***** Get data of social note from database *****/
-      sprintf (Query,"SELECT NotCod,NoteType,Cod,UsrCod,HieCod,Unavailable,UNIX_TIMESTAMP(TimeNote)"
+      DB_BuildQuery ("SELECT NotCod,NoteType,Cod,UsrCod,HieCod,Unavailable,UNIX_TIMESTAMP(TimeNote)"
 		     " FROM social_notes"
 		     " WHERE NotCod=%ld",
-	       SocNot->NotCod);
+		     SocNot->NotCod);
-      if (DB_QuerySELECT (Query,&mysql_res,"can not get data of social note"))
+      if (DB_QuerySELECT_new (&mysql_res,"can not get data of social note"))
 	{
 	 /***** Get data of social note *****/
 	 row = mysql_fetch_row (mysql_res);
@ -4475,14 +4461,13 @@ static void Soc_GetDataOfSocialNotByCod (struct SocialNote *SocNot)
 static void Soc_GetDataOfSocialComByCod (struct SocialComment *SocCom)
  {
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   if (SocCom->PubCod > 0)
     {
      /***** Get data of social comment from database *****/
-      sprintf (Query,"SELECT social_pubs.PubCod,social_pubs.PublisherCod,"
+      DB_BuildQuery ("SELECT social_pubs.PubCod,social_pubs.PublisherCod,"
 		     "social_pubs.NotCod,"
 		     "UNIX_TIMESTAMP(social_pubs.TimePublish),"
 		     "social_comments.Content,"
@ -4493,8 +4478,8 @@ static void Soc_GetDataOfSocialComByCod (struct SocialComment *SocCom)
 		     " WHERE social_pubs.PubCod=%ld"
                     " AND social_pubs.PubType=%u"
 		     " AND social_pubs.PubCod=social_comments.PubCod",
-	       SocCom->PubCod,(unsigned) Soc_PUB_COMMENT_TO_NOTE);
+		     SocCom->PubCod,(unsigned) Soc_PUB_COMMENT_TO_NOTE);
-      if (DB_QuerySELECT (Query,&mysql_res,"can not get data of social comment"))
+      if (DB_QuerySELECT_new (&mysql_res,"can not get data of social comment"))
 	{
 	 /***** Get data of social comment *****/
 	 row = mysql_fetch_row (mysql_res);
@ -4720,7 +4705,6 @@ void Soc_GetNotifSocialPublishing (char SummaryStr[Ntf_MAX_BYTES_SUMMARY + 1],
                                   char **ContentStr,
                                   long PubCod,bool GetContent)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   struct SocialPublishing SocPub;
@ -4735,10 +4719,10 @@ void Soc_GetNotifSocialPublishing (char SummaryStr[Ntf_MAX_BYTES_SUMMARY + 1],
   Content[0] = '\0';
   /***** Get summary and content from social post from database *****/
-   sprintf (Query,"SELECT PubCod,NotCod,PublisherCod,PubType,UNIX_TIMESTAMP(TimePublish)"
+   DB_BuildQuery ("SELECT PubCod,NotCod,PublisherCod,PubType,UNIX_TIMESTAMP(TimePublish)"
 		  " FROM social_pubs WHERE PubCod=%ld",
-            PubCod);
+		  PubCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get data of social publishing") == 1)   // Result should have a unique row
+   if (DB_QuerySELECT_new (&mysql_res,"can not get data of social publishing") == 1)   // Result should have a unique row
     {
      /* Get data of social publishing */
      row = mysql_fetch_row (mysql_res);
@ -4763,10 +4747,10 @@ void Soc_GetNotifSocialPublishing (char SummaryStr[Ntf_MAX_BYTES_SUMMARY + 1],
 	   {
 	    /***** Get content of social post from database *****/
 	    // TODO: What happens if content is empty and an image is attached?
-	    sprintf (Query,"SELECT Content FROM social_posts"
+	    DB_BuildQuery ("SELECT Content FROM social_posts"
 			   " WHERE PstCod=%ld",
-		     SocNot.Cod);
+			   SocNot.Cod);
-	    if (DB_QuerySELECT (Query,&mysql_res,"can not get the content of a social post") == 1)   // Result should have a unique row
+	    if (DB_QuerySELECT_new (&mysql_res,"can not get the content of a social post") == 1)   // Result should have a unique row
 	      {
 	       /***** Get row *****/
 	       row = mysql_fetch_row (mysql_res);
@ -4802,10 +4786,10 @@ void Soc_GetNotifSocialPublishing (char SummaryStr[Ntf_MAX_BYTES_SUMMARY + 1],
      case Soc_PUB_COMMENT_TO_NOTE:
 	 /***** Get content of social post from database *****/
 	 // TODO: What happens if content is empty and an image is attached?
-	 sprintf (Query,"SELECT Content FROM social_comments"
+	 DB_BuildQuery ("SELECT Content FROM social_comments"
 			" WHERE PubCod=%ld",
-		  SocPub.PubCod);
+			SocPub.PubCod);
-	 if (DB_QuerySELECT (Query,&mysql_res,"can not get the content of a comment to a social note") == 1)   // Result should have a unique row
+	 if (DB_QuerySELECT_new (&mysql_res,"can not get the content of a comment to a social note") == 1)   // Result should have a unique row
 	   {
 	    /***** Get row *****/
 	    row = mysql_fetch_row (mysql_res);
--- a/swad_statistic.c
+++ b/swad_statistic.c
--- a/swad_survey.c
+++ b/swad_survey.c
@ -847,7 +847,6 @@ void Svy_GetListSurveys (void)
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char SubQuery[Sco_NUM_SCOPES][256];
   char OrderBySubQuery[256];
   char Query[2048];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
@ -937,22 +936,22 @@ void Svy_GetListSurveys (void)
 	    break;
 	}
-      sprintf (Query,"SELECT SvyCod FROM surveys"
+      DB_BuildQuery ("SELECT SvyCod FROM surveys"
 		     " WHERE %s%s%s%s%s%s"
 		     " ORDER BY %s",
-		  SubQuery[Sco_SCOPE_SYS],
+		     SubQuery[Sco_SCOPE_SYS],
-		  SubQuery[Sco_SCOPE_CTY],
+		     SubQuery[Sco_SCOPE_CTY],
-		  SubQuery[Sco_SCOPE_INS],
+		     SubQuery[Sco_SCOPE_INS],
-		  SubQuery[Sco_SCOPE_CTR],
+		     SubQuery[Sco_SCOPE_CTR],
-		  SubQuery[Sco_SCOPE_DEG],
+		     SubQuery[Sco_SCOPE_DEG],
-		  SubQuery[Sco_SCOPE_CRS],
+		     SubQuery[Sco_SCOPE_CRS],
-		  OrderBySubQuery);
+		     OrderBySubQuery);
     }
   else
      Lay_ShowErrorAndExit ("Can not get list of surveys.");
   /* Make query */
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get surveys");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get surveys");
   if (NumRows) // Surveys found...
     {
@ -1155,23 +1154,22 @@ static void Svy_SetAllowedAndHiddenScopes (unsigned *ScopesAllowed,
 void Svy_GetDataOfSurveyByCod (struct Survey *Svy)
  {
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
   /***** Build query *****/
-   sprintf (Query,"SELECT SvyCod,Scope,Cod,Hidden,Roles,UsrCod,"
+   DB_BuildQuery ("SELECT SvyCod,Scope,Cod,Hidden,Roles,UsrCod,"
                  "UNIX_TIMESTAMP(StartTime),"
                  "UNIX_TIMESTAMP(EndTime),"
                  "NOW() BETWEEN StartTime AND EndTime,"
                  "Title"
                  " FROM surveys"
                  " WHERE SvyCod=%ld",
-            Svy->SvyCod);
+		  Svy->SvyCod);
   /***** Get data of survey from database *****/
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get survey data");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get survey data");
   if (NumRows) // Survey found...
     {
@ -1386,14 +1384,13 @@ void Svy_FreeListSurveys (void)
 static void Svy_GetSurveyTxtFromDB (long SvyCod,char Txt[Cns_MAX_BYTES_TEXT + 1])
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
   /***** Get text of survey from database *****/
-   sprintf (Query,"SELECT Txt FROM surveys WHERE SvyCod=%ld",SvyCod);
+   DB_BuildQuery ("SELECT Txt FROM surveys WHERE SvyCod=%ld",SvyCod);
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get survey text");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get survey text");
   /***** The result of the query must have one row or none *****/
   if (NumRows == 1)
@ -2414,21 +2411,20 @@ static void Svy_GetAndWriteNamesOfGrpsAssociatedToSvy (struct Survey *Svy)
   extern const char *Txt_Groups;
   extern const char *Txt_and;
   extern const char *Txt_The_whole_course;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRow;
   unsigned long NumRows;
   /***** Get groups associated to a survey from database *****/
-   sprintf (Query,"SELECT crs_grp_types.GrpTypName,crs_grp.GrpName"
+   DB_BuildQuery ("SELECT crs_grp_types.GrpTypName,crs_grp.GrpName"
                  " FROM svy_grp,crs_grp,crs_grp_types"
                  " WHERE svy_grp.SvyCod=%ld"
                  " AND svy_grp.GrpCod=crs_grp.GrpCod"
                  " AND crs_grp.GrpTypCod=crs_grp_types.GrpTypCod"
                  " ORDER BY crs_grp_types.GrpTypName,crs_grp.GrpName",
-            Svy->SvyCod);
+		  Svy->SvyCod);
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get groups of a survey");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get groups of a survey");
   /***** Write heading *****/
   fprintf (Gbl.F.Out,"<div class=\"%s\">%s: ",
@ -2601,7 +2597,6 @@ static void Svy_ShowFormEditOneQst (long SvyCod,struct SurveyQuestion *SvyQst,
   extern const char *Txt_SURVEY_STR_ANSWER_TYPES[Svy_NUM_ANS_TYPES];
   extern const char *Txt_Save;
   extern const char *Txt_Create_question;
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumAns;
@ -2614,10 +2609,10 @@ static void Svy_ShowFormEditOneQst (long SvyCod,struct SurveyQuestion *SvyQst,
        {
         /***** Get the type of answer and the stem from the database *****/
         /* Get the question from database */
-         sprintf (Query,"SELECT QstInd,AnsType,Stem FROM svy_questions"
+         DB_BuildQuery ("SELECT QstInd,AnsType,Stem FROM svy_questions"
                        " WHERE QstCod=%ld AND SvyCod=%ld",
-                  SvyQst->QstCod,SvyCod);
+			SvyQst->QstCod,SvyCod);
-         DB_QuerySELECT (Query,&mysql_res,"can not get a question");
+         DB_QuerySELECT_new (&mysql_res,"can not get a question");
         row = mysql_fetch_row (mysql_res);
@ -2858,14 +2853,13 @@ static bool Svy_CheckIfAnswerExists (long QstCod,unsigned AnsInd)
 static unsigned Svy_GetAnswersQst (long QstCod,MYSQL_RES **mysql_res)
  {
   char Query[256];
   unsigned long NumRows;
   /***** Get answers of a question from database *****/
-   sprintf (Query,"SELECT AnsInd,NumUsrs,Answer FROM svy_answers"
+   DB_BuildQuery ("SELECT AnsInd,NumUsrs,Answer FROM svy_answers"
                  " WHERE QstCod=%ld ORDER BY AnsInd",
-            QstCod);
+		  QstCod);
-   NumRows = DB_QuerySELECT (Query,mysql_res,"can not get answers of a question");
+   NumRows = DB_QuerySELECT_new (mysql_res,"can not get answers of a question");
   /***** Count number of rows of result *****/
   if (NumRows == 0)
@ -3095,16 +3089,14 @@ void Svy_ReceiveQst (void)
 static unsigned Svy_GetQstIndFromQstCod (long QstCod)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
   unsigned QstInd = 0;
   /***** Get number of surveys with a field value from database *****/
-   sprintf (Query,"SELECT QstInd FROM svy_questions WHERE QstCod=%ld",
+   DB_BuildQuery ("SELECT QstInd FROM svy_questions WHERE QstCod=%ld",QstCod);
-            QstCod);
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get question index");
   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get question index");
   /***** Get number of users *****/
   if (NumRows)
@ -3128,15 +3120,14 @@ static unsigned Svy_GetQstIndFromQstCod (long QstCod)
 static unsigned Svy_GetNextQuestionIndexInSvy (long SvyCod)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned QstInd = 0;
   /***** Get number of surveys with a field value from database *****/
-   sprintf (Query,"SELECT MAX(QstInd) FROM svy_questions WHERE SvyCod=%ld",
+   DB_BuildQuery ("SELECT MAX(QstInd) FROM svy_questions WHERE SvyCod=%ld",
-            SvyCod);
+		  SvyCod);
-   DB_QuerySELECT (Query,&mysql_res,"can not get last question index");
+   DB_QuerySELECT_new (&mysql_res,"can not get last question index");
   /***** Get number of users *****/
   row = mysql_fetch_row (mysql_res);
@ -3168,7 +3159,6 @@ static void Svy_ListSvyQuestions (struct Survey *Svy,
   extern const char *Txt_SURVEY_STR_ANSWER_TYPES[Svy_NUM_ANS_TYPES];
   extern const char *Txt_This_survey_has_no_questions;
   extern const char *Txt_Done;
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumQsts;
@ -3179,11 +3169,11 @@ static void Svy_ListSvyQuestions (struct Survey *Svy,
   bool PutFormAnswerSurvey = Svy->Status.ICanAnswer && !Editing;
   /***** Get data of questions from database *****/
-   sprintf (Query,"SELECT QstCod,QstInd,AnsType,Stem"
+   DB_BuildQuery ("SELECT QstCod,QstInd,AnsType,Stem"
                  " FROM svy_questions"
                  " WHERE SvyCod=%ld ORDER BY QstInd",
-            Svy->SvyCod);
+		  Svy->SvyCod);
-   NumQsts = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get data of a question");
+   NumQsts = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get data of a question");
   /***** Start box *****/
   Gbl.Svys.SvyCodToEdit = Svy->SvyCod;
@ -3661,7 +3651,6 @@ void Svy_ReceiveSurveyAnswers (void)
 static void Svy_ReceiveAndStoreUserAnswersToASurvey (long SvyCod)
  {
   char Query[256];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumQst;
@ -3674,13 +3663,11 @@ static void Svy_ReceiveAndStoreUserAnswersToASurvey (long SvyCod)
   unsigned AnsInd;
   /***** Get questions of this survey from database *****/
-   sprintf (Query,"SELECT QstCod FROM svy_questions"
+   DB_BuildQuery ("SELECT QstCod FROM svy_questions"
                  " WHERE SvyCod=%ld ORDER BY QstCod",
-            SvyCod);
+		  SvyCod);
-   DB_QuerySELECT (Query,&mysql_res,"can not get questions of a survey");
+   if ((NumQsts = (unsigned) DB_QuerySELECT_new (&mysql_res,
-
+						 "can not get questions of a survey")))
   if ((NumQsts = (unsigned) DB_QuerySELECT (Query,&mysql_res,
                                             "can not get surveys")))
     {
      // This survey has questions
      /***** Get questions *****/
@ -3783,7 +3770,6 @@ static unsigned Svy_GetNumUsrsWhoHaveAnsweredSvy (long SvyCod)
 unsigned Svy_GetNumCoursesWithCrsSurveys (Sco_Scope_t Scope)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumCourses;
@ -3792,13 +3778,13 @@ unsigned Svy_GetNumCoursesWithCrsSurveys (Sco_Scope_t Scope)
   switch (Scope)
     {
      case Sco_SCOPE_SYS:
-         sprintf (Query,"SELECT COUNT(DISTINCT Cod)"
+         DB_BuildQuery ("SELECT COUNT(DISTINCT Cod)"
                        " FROM surveys"
                        " WHERE Scope='%s'",
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CTY:
-         sprintf (Query,"SELECT COUNT(DISTINCT surveys.Cod)"
+         DB_BuildQuery ("SELECT COUNT(DISTINCT surveys.Cod)"
                        " FROM institutions,centres,degrees,courses,surveys"
 			" WHERE institutions.CtyCod=%ld"
 			" AND institutions.InsCod=centres.InsCod"
@ -3806,51 +3792,51 @@ unsigned Svy_GetNumCoursesWithCrsSurveys (Sco_Scope_t Scope)
                        " AND degrees.DegCod=courses.DegCod"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentIns.Ins.InsCod,
+			Gbl.CurrentIns.Ins.InsCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_INS:
-         sprintf (Query,"SELECT COUNT(DISTINCT surveys.Cod)"
+         DB_BuildQuery ("SELECT COUNT(DISTINCT surveys.Cod)"
                        " FROM centres,degrees,courses,surveys"
                        " WHERE centres.InsCod=%ld"
                        " AND centres.CtrCod=degrees.CtrCod"
                        " AND degrees.DegCod=courses.DegCod"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentIns.Ins.InsCod,
+			Gbl.CurrentIns.Ins.InsCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CTR:
-         sprintf (Query,"SELECT COUNT(DISTINCT surveys.Cod)"
+         DB_BuildQuery ("SELECT COUNT(DISTINCT surveys.Cod)"
                        " FROM degrees,courses,surveys"
                        " WHERE degrees.CtrCod=%ld"
                        " AND degrees.DegCod=courses.DegCod"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentCtr.Ctr.CtrCod,
+			Gbl.CurrentCtr.Ctr.CtrCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_DEG:
-         sprintf (Query,"SELECT COUNT(DISTINCT surveys.Cod)"
+         DB_BuildQuery ("SELECT COUNT(DISTINCT surveys.Cod)"
                        " FROM courses,surveys"
                        " WHERE courses.DegCod=%ld"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentDeg.Deg.DegCod,
+			Gbl.CurrentDeg.Deg.DegCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CRS:
-         sprintf (Query,"SELECT COUNT(DISTINCT Cod)"
+         DB_BuildQuery ("SELECT COUNT(DISTINCT Cod)"
                        " FROM surveys"
                        " WHERE Scope='%s' AND Cod=%ld",
-                  Sco_ScopeDB[Sco_SCOPE_CRS],
+			Sco_ScopeDB[Sco_SCOPE_CRS],
-                  Gbl.CurrentCrs.Crs.CrsCod);
+			Gbl.CurrentCrs.Crs.CrsCod);
         break;
      default:
 	 Lay_WrongScopeExit ();
 	 break;
     }
-   DB_QuerySELECT (Query,&mysql_res,"can not get number of courses with surveys");
+   DB_QuerySELECT_new (&mysql_res,"can not get number of courses with surveys");
   /***** Get number of surveys *****/
   row = mysql_fetch_row (mysql_res);
@ -3872,7 +3858,6 @@ unsigned Svy_GetNumCoursesWithCrsSurveys (Sco_Scope_t Scope)
 unsigned Svy_GetNumCrsSurveys (Sco_Scope_t Scope,unsigned *NumNotif)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumSurveys;
@ -3881,13 +3866,13 @@ unsigned Svy_GetNumCrsSurveys (Sco_Scope_t Scope,unsigned *NumNotif)
   switch (Scope)
     {
      case Sco_SCOPE_SYS:
-         sprintf (Query,"SELECT COUNT(*),SUM(NumNotif)"
+         DB_BuildQuery ("SELECT COUNT(*),SUM(NumNotif)"
                        " FROM surveys"
                        " WHERE Scope='%s'",
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CTY:
-         sprintf (Query,"SELECT COUNT(*),SUM(surveys.NumNotif)"
+         DB_BuildQuery ("SELECT COUNT(*),SUM(surveys.NumNotif)"
                        " FROM institutions,centres,degrees,courses,surveys"
                        " WHERE institutions.CtyCod=%ld"
                        " AND institutions.InsCod=centres.InsCod"
@ -3895,52 +3880,52 @@ unsigned Svy_GetNumCrsSurveys (Sco_Scope_t Scope,unsigned *NumNotif)
                        " AND degrees.DegCod=courses.DegCod"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentCty.Cty.CtyCod,
+			Gbl.CurrentCty.Cty.CtyCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_INS:
-         sprintf (Query,"SELECT COUNT(*),SUM(surveys.NumNotif)"
+         DB_BuildQuery ("SELECT COUNT(*),SUM(surveys.NumNotif)"
                        " FROM centres,degrees,courses,surveys"
                        " WHERE centres.InsCod=%ld"
                        " AND centres.CtrCod=degrees.CtrCod"
                        " AND degrees.DegCod=courses.DegCod"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentIns.Ins.InsCod,
+			Gbl.CurrentIns.Ins.InsCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CTR:
-         sprintf (Query,"SELECT COUNT(*),SUM(surveys.NumNotif)"
+         DB_BuildQuery ("SELECT COUNT(*),SUM(surveys.NumNotif)"
                        " FROM degrees,courses,surveys"
                        " WHERE degrees.CtrCod=%ld"
                        " AND degrees.DegCod=courses.DegCod"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentCtr.Ctr.CtrCod,
+			Gbl.CurrentCtr.Ctr.CtrCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_DEG:
-         sprintf (Query,"SELECT COUNT(*),SUM(surveys.NumNotif)"
+         DB_BuildQuery ("SELECT COUNT(*),SUM(surveys.NumNotif)"
                        " FROM courses,surveys"
                        " WHERE courses.DegCod=%ld"
                        " AND courses.CrsCod=surveys.Cod"
                        " AND surveys.Scope='%s'",
-                  Gbl.CurrentDeg.Deg.DegCod,
+			Gbl.CurrentDeg.Deg.DegCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CRS:
-         sprintf (Query,"SELECT COUNT(*),SUM(NumNotif)"
+         DB_BuildQuery ("SELECT COUNT(*),SUM(NumNotif)"
                        " FROM surveys"
                        " WHERE surveys.Scope='%s'"
                        " AND CrsCod=%ld",
-                  Sco_ScopeDB[Sco_SCOPE_CRS],
+			Sco_ScopeDB[Sco_SCOPE_CRS],
-                  Gbl.CurrentCrs.Crs.CrsCod);
+			Gbl.CurrentCrs.Crs.CrsCod);
         break;
      default:
 	 Lay_WrongScopeExit ();
 	 break;
     }
-   DB_QuerySELECT (Query,&mysql_res,"can not get number of surveys");
+   DB_QuerySELECT_new (&mysql_res,"can not get number of surveys");
   /***** Get number of surveys *****/
   row = mysql_fetch_row (mysql_res);
@ -3969,7 +3954,6 @@ unsigned Svy_GetNumCrsSurveys (Sco_Scope_t Scope,unsigned *NumNotif)
 float Svy_GetNumQstsPerCrsSurvey (Sco_Scope_t Scope)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   float NumQstsPerSurvey;
@ -3978,16 +3962,16 @@ float Svy_GetNumQstsPerCrsSurvey (Sco_Scope_t Scope)
   switch (Scope)
     {
      case Sco_SCOPE_SYS:
-         sprintf (Query,"SELECT AVG(NumQsts) FROM"
+         DB_BuildQuery ("SELECT AVG(NumQsts) FROM"
                        " (SELECT COUNT(svy_questions.QstCod) AS NumQsts"
                        " FROM surveys,svy_questions"
                        " WHERE surveys.Scope='%s'"
                        " AND surveys.SvyCod=svy_questions.SvyCod"
                        " GROUP BY svy_questions.SvyCod) AS NumQstsTable",
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CTY:
-         sprintf (Query,"SELECT AVG(NumQsts) FROM"
+         DB_BuildQuery ("SELECT AVG(NumQsts) FROM"
                        " (SELECT COUNT(svy_questions.QstCod) AS NumQsts"
                        " FROM institutions,centres,degrees,courses,surveys,svy_questions"
                        " WHERE institutions.CtyCod=%ld"
@ -3998,11 +3982,11 @@ float Svy_GetNumQstsPerCrsSurvey (Sco_Scope_t Scope)
                        " AND surveys.Scope='%s'"
                        " AND surveys.SvyCod=svy_questions.SvyCod"
                        " GROUP BY svy_questions.SvyCod) AS NumQstsTable",
-                  Gbl.CurrentCty.Cty.CtyCod,
+			Gbl.CurrentCty.Cty.CtyCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_INS:
-         sprintf (Query,"SELECT AVG(NumQsts) FROM"
+         DB_BuildQuery ("SELECT AVG(NumQsts) FROM"
                        " (SELECT COUNT(svy_questions.QstCod) AS NumQsts"
                        " FROM centres,degrees,courses,surveys,svy_questions"
                        " WHERE centres.InsCod=%ld"
@ -4012,11 +3996,11 @@ float Svy_GetNumQstsPerCrsSurvey (Sco_Scope_t Scope)
                        " AND surveys.Scope='%s'"
                        " AND surveys.SvyCod=svy_questions.SvyCod"
                        " GROUP BY svy_questions.SvyCod) AS NumQstsTable",
-                  Gbl.CurrentIns.Ins.InsCod,
+			Gbl.CurrentIns.Ins.InsCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CTR:
-         sprintf (Query,"SELECT AVG(NumQsts) FROM"
+         DB_BuildQuery ("SELECT AVG(NumQsts) FROM"
                        " (SELECT COUNT(svy_questions.QstCod) AS NumQsts"
                        " FROM degrees,courses,surveys,svy_questions"
                        " WHERE degrees.CtrCod=%ld"
@ -4025,11 +4009,11 @@ float Svy_GetNumQstsPerCrsSurvey (Sco_Scope_t Scope)
                        " AND surveys.Scope='%s'"
                        " AND surveys.SvyCod=svy_questions.SvyCod"
                        " GROUP BY svy_questions.SvyCod) AS NumQstsTable",
-                  Gbl.CurrentCtr.Ctr.CtrCod,
+			Gbl.CurrentCtr.Ctr.CtrCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_DEG:
-         sprintf (Query,"SELECT AVG(NumQsts) FROM"
+         DB_BuildQuery ("SELECT AVG(NumQsts) FROM"
                        " (SELECT COUNT(svy_questions.QstCod) AS NumQsts"
                        " FROM courses,surveys,svy_questions"
                        " WHERE courses.DegCod=%ld"
@ -4037,23 +4021,23 @@ float Svy_GetNumQstsPerCrsSurvey (Sco_Scope_t Scope)
                        " AND surveys.Scope='%s'"
                        " AND surveys.SvyCod=svy_questions.SvyCod"
                        " GROUP BY svy_questions.SvyCod) AS NumQstsTable",
-                  Gbl.CurrentDeg.Deg.DegCod,
+			Gbl.CurrentDeg.Deg.DegCod,
-                  Sco_ScopeDB[Sco_SCOPE_CRS]);
+			Sco_ScopeDB[Sco_SCOPE_CRS]);
         break;
      case Sco_SCOPE_CRS:
-         sprintf (Query,"SELECT AVG(NumQsts) FROM"
+         DB_BuildQuery ("SELECT AVG(NumQsts) FROM"
                        " (SELECT COUNT(svy_questions.QstCod) AS NumQsts"
                        " FROM surveys,svy_questions"
                        " WHERE surveys.Scope='%s' AND surveys.Cod=%ld"
                        " AND surveys.SvyCod=svy_questions.SvyCod"
                        " GROUP BY svy_questions.SvyCod) AS NumQstsTable",
-                  Sco_ScopeDB[Sco_SCOPE_CRS],Gbl.CurrentCrs.Crs.CrsCod);
+			Sco_ScopeDB[Sco_SCOPE_CRS],Gbl.CurrentCrs.Crs.CrsCod);
         break;
      default:
 	 Lay_WrongScopeExit ();
 	 break;
     }
-   DB_QuerySELECT (Query,&mysql_res,"can not get number of questions per survey");
+   DB_QuerySELECT_new (&mysql_res,"can not get number of questions per survey");
   /***** Get number of courses *****/
   row = mysql_fetch_row (mysql_res);
--- a/swad_test.c
+++ b/swad_test.c
--- a/swad_timetable.c
+++ b/swad_timetable.c
@ -655,7 +655,6 @@ static void TT_WriteTutTimeTableIntoDB (long UsrCod)
 static void TT_FillTimeTableFromDB (long UsrCod)
  {
   extern const char *Txt_Incomplete_timetable_for_lack_of_space;
   char Query[4096];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRow;
@ -683,7 +682,7 @@ static void TT_FillTimeTableFromDB (long UsrCod)
         switch (Gbl.CurrentCrs.Grps.WhichGrps)
           {
            case Grp_ONLY_MY_GROUPS:
-               sprintf (Query,"SELECT "
+               DB_BuildQuery ("SELECT "
                              "timetable_crs.Weekday,"
        	              "TIME_TO_SEC(timetable_crs.StartTime) AS S,"
        	              "TIME_TO_SEC(timetable_crs.Duration) AS D,"
@ -723,10 +722,10 @@ static void TT_FillTimeTableFromDB (long UsrCod)
                              " WHERE UsrCod=%ld"
                              " ORDER BY Weekday,S,ClassType,"
                              "GroupName,GrpCod,Place,D DESC,CrsCod",
-                        UsrCod,UsrCod,UsrCod);
+			      UsrCod,UsrCod,UsrCod);
               break;
            case Grp_ALL_GROUPS:
-               sprintf (Query,"SELECT "
+               DB_BuildQuery ("SELECT "
        	              "timetable_crs.Weekday,"
        	              "TIME_TO_SEC(timetable_crs.StartTime) AS S,"
        	              "TIME_TO_SEC(timetable_crs.Duration) AS D,"
@ -752,7 +751,7 @@ static void TT_FillTimeTableFromDB (long UsrCod)
                              " WHERE UsrCod=%ld"
                              " ORDER BY Weekday,S,ClassType,"
                              "GroupName,GrpCod,Place,D DESC,CrsCod",
-                        UsrCod,UsrCod);
+			      UsrCod,UsrCod);
               break;
           }
 	 break;
@ -760,7 +759,7 @@ static void TT_FillTimeTableFromDB (long UsrCod)
         if (Gbl.CurrentCrs.Grps.WhichGrps == Grp_ALL_GROUPS ||
             Gbl.Action.Act == ActEdiCrsTT ||
             Gbl.Action.Act == ActChgCrsTT)	// If we are editing, all groups are shown
-            sprintf (Query,"SELECT "
+            DB_BuildQuery ("SELECT "
        	           "Weekday,"
        	           "TIME_TO_SEC(StartTime) AS S,"
        	           "TIME_TO_SEC(Duration) AS D,"
@ -772,9 +771,9 @@ static void TT_FillTimeTableFromDB (long UsrCod)
                           " WHERE CrsCod=%ld"
                           " ORDER BY Weekday,S,ClassType,"
                           "GroupName,GrpCod,Place,D DESC",
-                     Gbl.CurrentCrs.Crs.CrsCod);
+			   Gbl.CurrentCrs.Crs.CrsCod);
         else
-            sprintf (Query,"SELECT "
+            DB_BuildQuery ("SELECT "
        	           "timetable_crs.Weekday,"
        	           "TIME_TO_SEC(timetable_crs.StartTime) AS S,"
        	           "TIME_TO_SEC(timetable_crs.Duration) AS D,"
@ -800,11 +799,11 @@ static void TT_FillTimeTableFromDB (long UsrCod)
                           " AND timetable_crs.GrpCod=crs_grp_usr.GrpCod"
                           " ORDER BY Weekday,S,ClassType,"
                           "GroupName,GrpCod,Place,D DESC",
-                     Gbl.CurrentCrs.Crs.CrsCod,UsrCod,
+			   Gbl.CurrentCrs.Crs.CrsCod,UsrCod,
-                     Gbl.CurrentCrs.Crs.CrsCod,UsrCod);
+			   Gbl.CurrentCrs.Crs.CrsCod,UsrCod);
 	 break;
      case TT_TUTORING_TIMETABLE:
-         sprintf (Query,"SELECT "
+         DB_BuildQuery ("SELECT "
                        "Weekday,"
                        "TIME_TO_SEC(StartTime) AS S,"
                        "TIME_TO_SEC(Duration) AS D,"
@ -815,7 +814,7 @@ static void TT_FillTimeTableFromDB (long UsrCod)
                  UsrCod);
         break;
     }
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get timetable");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get timetable");
   /***** If viewing (not editing) ==>
          calculate range of hours and resolution *****/
--- a/swad_user.c
+++ b/swad_user.c
--- a/swad_web_service.c
+++ b/swad_web_service.c
@ -282,15 +282,14 @@ void Svc_Exit (const char *DetailErrorMessage)
 static int Svc_GetPlgCodFromAppKey (const char *appKey)
  {
   char Query[128 + Plg_MAX_BYTES_PLUGIN_APP_KEY];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   Gbl.WebService.PlgCod = -1L;
   /***** Get number of plugins with a IP address *****/
-   sprintf (Query,"SELECT PlgCod FROM plugins WHERE AppKey='%s'",appKey);
+   DB_BuildQuery ("SELECT PlgCod FROM plugins WHERE AppKey='%s'",appKey);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not check application key"))	// Session found in table of sessions
+   if (DB_QuerySELECT_new (&mysql_res,"can not check application key"))	// Session found in table of sessions
     {
      row = mysql_fetch_row (mysql_res);
@ -373,7 +372,6 @@ static int Svc_CheckIdSession (const char *IdSession)
 static int Svc_CheckWSKey (char WSKey[Svc_BYTES_WS_KEY + 1])
  {
   char Query[128 + Svc_BYTES_WS_KEY];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
@ -383,9 +381,8 @@ static int Svc_CheckWSKey (char WSKey[Svc_BYTES_WS_KEY + 1])
   Gbl.WebService.PlgCod = -1L;
   /***** Check that key does not exist in database *****/
-   sprintf (Query,"SELECT UsrCod,PlgCod FROM ws_keys WHERE WSKey='%s'",
+   DB_BuildQuery ("SELECT UsrCod,PlgCod FROM ws_keys WHERE WSKey='%s'",WSKey);
-            WSKey);
+   if (DB_QuerySELECT_new (&mysql_res,"can not get existence of key"))	// Session found in table of sessions
   if (DB_QuerySELECT (Query,&mysql_res,"can not get existence of key"))	// Session found in table of sessions
     {
      row = mysql_fetch_row (mysql_res);
@ -500,7 +497,6 @@ static int Svc_RemoveOldWSKeys (void)
 static int Svc_GetCurrentDegCodFromCurrentCrsCod (void)
  {
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
@ -508,9 +504,9 @@ static int Svc_GetCurrentDegCodFromCurrentCrsCod (void)
   Gbl.CurrentDeg.Deg.DegCod = -1L;
   /***** Check that key does not exist in database *****/
-   sprintf (Query,"SELECT DegCod FROM courses WHERE CrsCod=%ld",
+   DB_BuildQuery ("SELECT DegCod FROM courses WHERE CrsCod=%ld",
-            Gbl.CurrentCrs.Crs.CrsCod);
+		  Gbl.CurrentCrs.Crs.CrsCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get the degree of a course"))	// Course found in table of courses
+   if (DB_QuerySELECT_new (&mysql_res,"can not get the degree of a course"))	// Course found in table of courses
     {
      row = mysql_fetch_row (mysql_res);
@ -530,7 +526,6 @@ static int Svc_GetCurrentDegCodFromCurrentCrsCod (void)
 static bool Svc_GetSomeUsrDataFromUsrCod (struct UsrData *UsrDat,long CrsCod)
  {
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
@ -540,12 +535,12 @@ static bool Svc_GetSomeUsrDataFromUsrCod (struct UsrData *UsrDat,long CrsCod)
   /***** Get some user's data *****/
   /* Query database */
-   sprintf (Query,"SELECT Surname1,Surname2,FirstName,Photo,DATE_FORMAT(Birthday,'%%Y%%m%%d')"
+   DB_BuildQuery ("SELECT Surname1,Surname2,FirstName,Photo,DATE_FORMAT(Birthday,'%%Y%%m%%d')"
                  " FROM usr_data WHERE UsrCod=%ld",
-            UsrDat->UsrCod);
+		  UsrDat->UsrCod);
   /* Check number of rows in result */
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get user's data") != 1)
+   if (DB_QuerySELECT_new (&mysql_res,"can not get user's data") != 1)
      return false;
   /* Read some user's data */
@ -580,10 +575,10 @@ static bool Svc_GetSomeUsrDataFromUsrCod (struct UsrData *UsrDat,long CrsCod)
   if (CrsCod > 0)
     {
      /* Get the role in the given course */
-      sprintf (Query,"SELECT Role FROM crs_usr"
+      DB_BuildQuery ("SELECT Role FROM crs_usr"
                     " WHERE CrsCod=%ld AND UsrCod=%ld",
-               CrsCod,UsrDat->UsrCod);
+		     CrsCod,UsrDat->UsrCod);
-      if (DB_QuerySELECT (Query,&mysql_res,"can not get user's role"))	// User belongs to course
+      if (DB_QuerySELECT_new (&mysql_res,"can not get user's role"))	// User belongs to course
 	{
 	 row = mysql_fetch_row (mysql_res);
 	 if (row[0])
@ -611,10 +606,10 @@ static bool Svc_GetSomeUsrDataFromUsrCod (struct UsrData *UsrDat,long CrsCod)
   else
     {
      /* Get the maximum role in any course */
-      sprintf (Query,"SELECT MAX(Role)"
+      DB_BuildQuery ("SELECT MAX(Role)"
                     " FROM crs_usr WHERE UsrCod=%ld",
-               UsrDat->UsrCod);
+		     UsrDat->UsrCod);
-      if (DB_QuerySELECT (Query,&mysql_res,"can not get user's role") == 1)
+      if (DB_QuerySELECT_new (&mysql_res,"can not get user's role") == 1)
 	{
 	 row = mysql_fetch_row (mysql_res);
 	 if (row[0])
@ -788,9 +783,6 @@ int swad__loginByUserPasswordKey (struct soap *soap,
  {
   char UsrIDNickOrEmail[Cns_MAX_BYTES_EMAIL_ADDRESS + 1];
   int ReturnCode;
   char Query[512 +
              Cns_MAX_CHARS_EMAIL_ADDRESS +
              Pwd_BYTES_ENCRYPTED_PASSWORD];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRows;
@ -835,23 +827,23 @@ int swad__loginByUserPasswordKey (struct soap *soap,
      Str_RemoveLeadingArrobas (UsrIDNickOrEmail);
      /* User has typed a nickname */
-      sprintf (Query,"SELECT usr_nicknames.UsrCod"
+      DB_BuildQuery ("SELECT usr_nicknames.UsrCod"
 		     " FROM usr_nicknames,usr_data"
 		     " WHERE usr_nicknames.Nickname='%s'"
 		     " AND usr_nicknames.UsrCod=usr_data.UsrCod"
 		     " AND usr_data.Password='%s'",
-	       UsrIDNickOrEmail,userPassword);
+		     UsrIDNickOrEmail,userPassword);
     }
   else if (Mai_CheckIfEmailIsValid (Gbl.Usrs.Me.UsrIdLogin))		// 2: It's an email
     {
      /* User has typed an email */
      // TODO: Get only if email confirmed?
-      sprintf (Query,"SELECT usr_emails.UsrCod"
+      DB_BuildQuery ("SELECT usr_emails.UsrCod"
 	             " FROM usr_emails,usr_data"
 		     " WHERE usr_emails.E_mail='%s'"
 		     " AND usr_emails.UsrCod=usr_data.UsrCod"
 		     " AND usr_data.Password='%s'",
-	       UsrIDNickOrEmail,userPassword);
+		     UsrIDNickOrEmail,userPassword);
     }
   else									// 3: It's not a nickname nor email
     {
@ -862,11 +854,11 @@ int swad__loginByUserPasswordKey (struct soap *soap,
 	{
 	 /* User has typed a valid user's ID (existing or not) */
 	 // TODO: Get only if ID confirmed?
-	 sprintf (Query,"SELECT usr_IDs.UsrCod FROM usr_IDs,usr_data"
+	 DB_BuildQuery ("SELECT usr_IDs.UsrCod FROM usr_IDs,usr_data"
 			" WHERE usr_IDs.UsrID='%s'"
 			" AND usr_IDs.UsrCod=usr_data.UsrCod"
 			" AND usr_data.Password='%s'",
-		  UsrIDNickOrEmail,userPassword);
+			UsrIDNickOrEmail,userPassword);
 	}
      else	// String is not a valid user's nickname, email or ID
 	 return soap_receiver_fault (Gbl.soap,
@ -875,7 +867,7 @@ int swad__loginByUserPasswordKey (struct soap *soap,
     }
   /***** Get user's data from database *****/
-   if ((NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's data")) == 1)	// User found in table of users' data
+   if ((NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's data")) == 1)	// User found in table of users' data
     {
      row = mysql_fetch_row (mysql_res);
@ -956,7 +948,6 @@ int swad__loginBySessionKey (struct soap *soap,
                             struct swad__loginBySessionKeyOutput *loginBySessionKeyOut)	// output
  {
   int ReturnCode;
   char Query[256 + Cns_BYTES_SESSION_ID];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRows;
@ -1011,10 +1002,10 @@ int swad__loginBySessionKey (struct soap *soap,
   // Now, we know that sessionID is a valid session identifier
   /***** Query data of the session from database *****/
-   sprintf (Query,"SELECT UsrCod,DegCod,CrsCod FROM sessions"
+   DB_BuildQuery ("SELECT UsrCod,DegCod,CrsCod FROM sessions"
 	          " WHERE SessionId='%s'",
-            sessionID);
+		  sessionID);
-   if ((NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get session data")) == 1)	// Session found in table of sessions
+   if ((NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get session data")) == 1)	// Session found in table of sessions
     {
      row = mysql_fetch_row (mysql_res);
@ -1101,7 +1092,6 @@ int swad__getNewPassword (struct soap *soap,
  {
   int ReturnCode;
   char UsrIDNickOrEmail[Cns_MAX_BYTES_EMAIL_ADDRESS + 1];
   char Query[128 + Cns_MAX_BYTES_EMAIL_ADDRESS];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRows;
@ -1126,15 +1116,15 @@ int swad__getNewPassword (struct soap *soap,
      Str_RemoveLeadingArrobas (UsrIDNickOrEmail);
      /* User has typed a nickname */
-      sprintf (Query,"SELECT UsrCod FROM usr_nicknames WHERE Nickname='%s'",
+      DB_BuildQuery ("SELECT UsrCod FROM usr_nicknames WHERE Nickname='%s'",
-	       UsrIDNickOrEmail);
+		     UsrIDNickOrEmail);
     }
   else if (Mai_CheckIfEmailIsValid (Gbl.Usrs.Me.UsrIdLogin))		// 2: It's an email
     {
      /* User has typed an email */
      // TODO: Get only if email confirmed?
-      sprintf (Query,"SELECT UsrCod FROM usr_emails WHERE E_mail='%s'",
+      DB_BuildQuery ("SELECT UsrCod FROM usr_emails WHERE E_mail='%s'",
-	       UsrIDNickOrEmail);
+		     UsrIDNickOrEmail);
     }
   else									// 3: It's not a nickname nor email
     {
@ -1145,8 +1135,8 @@ int swad__getNewPassword (struct soap *soap,
 	{
 	 /* User has typed a valid user's ID (existing or not) */
 	 // TODO: Get only if ID confirmed?
-	 sprintf (Query,"SELECT UsrCod FROM usr_IDs WHERE UsrID='%s'",
+	 DB_BuildQuery ("SELECT UsrCod FROM usr_IDs WHERE UsrID='%s'",
-		  UsrIDNickOrEmail);
+			UsrIDNickOrEmail);
 	}
      else	// String is not a valid user's nickname, email or ID
 	 return soap_receiver_fault (Gbl.soap,
@ -1155,7 +1145,7 @@ int swad__getNewPassword (struct soap *soap,
     }
   /***** Get user's data from database *****/
-   if ((NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's data")) == 1)	// One unique user found in table of users' data
+   if ((NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's data")) == 1)	// One unique user found in table of users' data
     {
      row = mysql_fetch_row (mysql_res);
@ -1187,7 +1177,6 @@ int swad__getCourses (struct soap *soap,
                      struct swad__getCoursesOutput *getCoursesOut)	// output
  {
   int ReturnCode;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow;
@ -1215,11 +1204,11 @@ int swad__getCourses (struct soap *soap,
   Gbl.Usrs.Me.Role.Logged = Gbl.Usrs.Me.UsrDat.Roles.InCurrentCrs.Role;
   /***** Query my courses from database *****/
-   sprintf (Query,"SELECT courses.CrsCod,courses.ShortName,courses.FullName,crs_usr.Role FROM crs_usr,courses"
+   DB_BuildQuery ("SELECT courses.CrsCod,courses.ShortName,courses.FullName,crs_usr.Role FROM crs_usr,courses"
                  " WHERE crs_usr.UsrCod=%ld AND crs_usr.CrsCod=courses.CrsCod"
                  " ORDER BY courses.FullName",
-            Gbl.Usrs.Me.UsrDat.UsrCod);
+		  Gbl.Usrs.Me.UsrDat.UsrCod);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's courses");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's courses");
   getCoursesOut->numCourses = (int) NumRows;
   getCoursesOut->coursesArray.__size = (int) NumRows;
@ -1632,7 +1621,6 @@ int swad__getGroupTypes (struct soap *soap,
                         struct swad__getGroupTypesOutput *getGroupTypesOut)	// output
  {
   int ReturnCode;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow;
@ -1679,12 +1667,12 @@ int swad__getGroupTypes (struct soap *soap,
 	                          "Requester must belong to course");
   /***** Query group types in a course from database *****/
-   sprintf (Query,"SELECT GrpTypCod,GrpTypName,Mandatory,Multiple,UNIX_TIMESTAMP(OpenTime)"
+   DB_BuildQuery ("SELECT GrpTypCod,GrpTypName,Mandatory,Multiple,UNIX_TIMESTAMP(OpenTime)"
 	          " FROM crs_grp_types"
                  " WHERE CrsCod=%d"
                  " ORDER BY GrpTypName",
-            courseCode);
+		  courseCode);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get group types");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get group types");
   getGroupTypesOut->numGroupTypes = (int) NumRows;
   getGroupTypesOut->groupTypesArray.__size = (int) NumRows;
@ -1741,7 +1729,6 @@ int swad__getGroups (struct soap *soap,
                     struct swad__getGroupsOutput *getGroupsOut)	// output
  {
   int ReturnCode;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow,NumRows;
@ -1788,15 +1775,15 @@ int swad__getGroups (struct soap *soap,
 	                          "Requester must belong to course");
   /***** Query groups in a course from database *****/
-   sprintf (Query,"SELECT crs_grp_types.GrpTypCod,crs_grp_types.GrpTypName,"
+   DB_BuildQuery ("SELECT crs_grp_types.GrpTypCod,crs_grp_types.GrpTypName,"
 	          "crs_grp.GrpCod,crs_grp.GrpName,"
 	          "crs_grp.MaxStudents,crs_grp.Open,crs_grp.FileZones"
 	          " FROM crs_grp_types,crs_grp"
                  " WHERE crs_grp_types.CrsCod=%d"
                  " AND crs_grp_types.GrpTypCod=crs_grp.GrpTypCod"
                  " ORDER BY crs_grp_types.GrpTypName,crs_grp.GrpName",
-            courseCode);
+		  courseCode);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's groups");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's groups");
   getGroupsOut->numGroups = (int) NumRows;
   getGroupsOut->groupsArray.__size = (int) NumRows;
@ -1872,7 +1859,6 @@ int swad__sendMyGroups (struct soap *soap,
   const char *Ptr;
   char LongStr[1 + 10 + 1];
   unsigned NumGrp;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow,NumRows;
@ -1950,15 +1936,15 @@ int swad__sendMyGroups (struct soap *soap,
   Grp_FreeListCodGrp (&LstGrpsIWant);
   /***** Query groups in a course from database *****/
-   sprintf (Query,"SELECT crs_grp_types.GrpTypCod,crs_grp_types.GrpTypName,"
+   DB_BuildQuery ("SELECT crs_grp_types.GrpTypCod,crs_grp_types.GrpTypName,"
 	          "crs_grp.GrpCod,crs_grp.GrpName,"
 	          "crs_grp.MaxStudents,crs_grp.Open,crs_grp.FileZones"
 	          " FROM crs_grp_types,crs_grp"
                  " WHERE crs_grp_types.CrsCod=%d"
                  " AND crs_grp_types.GrpTypCod=crs_grp.GrpTypCod"
                  " ORDER BY crs_grp_types.GrpTypName,crs_grp.GrpName",
-            courseCode);
+		  courseCode);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's groups");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's groups");
   SendMyGroupsOut->numGroups = (int) NumRows;
   SendMyGroupsOut->groupsArray.__size = (int) NumRows;
@ -2085,7 +2071,6 @@ int swad__getAttendanceEvents (struct soap *soap,
                               struct swad__getAttendanceEventsOutput *getAttendanceEventsOut)	// output
  {
   int ReturnCode;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   int NumAttEvent;
@ -2129,16 +2114,16 @@ int swad__getAttendanceEvents (struct soap *soap,
 	                          "Requester must be a teacher");
   /***** Query list of attendance events *****/
-   sprintf (Query,"SELECT AttCod,Hidden,UsrCod,"
+   DB_BuildQuery ("SELECT AttCod,Hidden,UsrCod,"
                  "UNIX_TIMESTAMP(StartTime) AS ST,"
                  "UNIX_TIMESTAMP(EndTime) AS ET,"
                  "CommentTchVisible,Title,Txt"
 	          " FROM att_events"
                  " WHERE CrsCod=%d"
                  " ORDER BY ST DESC,ET DESC,Title DESC",
-            courseCode);
+		  courseCode);
   getAttendanceEventsOut->eventsArray.__size =
-   getAttendanceEventsOut->numEvents          = (int) DB_QuerySELECT (Query,&mysql_res,"can not get attendance events");
+   getAttendanceEventsOut->numEvents          = (int) DB_QuerySELECT_new (&mysql_res,"can not get attendance events");
   if (getAttendanceEventsOut->numEvents == 0)
      getAttendanceEventsOut->eventsArray.__ptr = NULL;
@ -2243,7 +2228,6 @@ int swad__getAttendanceEvents (struct soap *soap,
 static void Svc_GetListGrpsInAttendanceEventFromDB (long AttCod,char **ListGroups)
  {
   char Query[128];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   long NumGrps;
@ -2253,9 +2237,9 @@ static void Svc_GetListGrpsInAttendanceEventFromDB (long AttCod,char **ListGroup
   size_t Length;
   /***** Get list of groups *****/
-   sprintf (Query,"SELECT GrpCod FROM att_grp WHERE AttCod=%ld",
+   DB_BuildQuery ("SELECT GrpCod FROM att_grp WHERE AttCod=%ld",
-	    AttCod);
+		  AttCod);
-   if ((NumGrps = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get groups of an attendance event")) == 0)
+   if ((NumGrps = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get groups of an attendance event")) == 0)
      *ListGroups = NULL;
   else	// Events found
     {
@ -2511,7 +2495,6 @@ int swad__getAttendanceUsers (struct soap *soap,
   int ReturnCode;
   struct AttendanceEvent Att;
   char SubQuery[512];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow,NumRows;
@ -2583,14 +2566,14 @@ int swad__getAttendanceUsers (struct soap *soap,
 	       (unsigned) Rol_STD,
 	       Att.AttCod);
   // Query: list of users in attendance list + rest of users (subquery)
-   sprintf (Query,"SELECT u.UsrCod,u.Present FROM "
+   DB_BuildQuery ("SELECT u.UsrCod,u.Present FROM "
 		  "(SELECT UsrCod,Present"
 		  " FROM att_usr WHERE AttCod=%ld"
 		  " UNION %s) AS u,usr_data"
 		  " WHERE u.UsrCod=usr_data.UsrCod"
 		  " ORDER BY usr_data.Surname1,usr_data.Surname2,usr_data.FirstName",
-	    (long) attendanceEventCode,SubQuery);
+		  (long) attendanceEventCode,SubQuery);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get users in an attendance event");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get users in an attendance event");
   getAttendanceUsersOut->numUsers = (int) NumRows;
   getAttendanceUsersOut->usersArray.__size = (int) NumRows;
@ -2824,7 +2807,6 @@ int swad__getNotifications (struct soap *soap,
   extern const char *Txt_Centre;
   extern const char *Txt_Institution;
   int ReturnCode;
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumNotifications;
@ -2870,13 +2852,13 @@ int swad__getNotifications (struct soap *soap,
      return ReturnCode;
   /***** Get my notifications from database *****/
-   sprintf (Query,"SELECT NtfCod,NotifyEvent,UNIX_TIMESTAMP(TimeNotif),"
+   DB_BuildQuery ("SELECT NtfCod,NotifyEvent,UNIX_TIMESTAMP(TimeNotif),"
 	          "FromUsrCod,InsCod,CtrCod,DegCod,CrsCod,Cod,Status"
                  " FROM notif"
                  " WHERE ToUsrCod=%ld AND TimeNotif>=FROM_UNIXTIME(%ld)"
                  " ORDER BY TimeNotif DESC",
-            Gbl.Usrs.Me.UsrDat.UsrCod,beginTime);
+		  Gbl.Usrs.Me.UsrDat.UsrCod,beginTime);
-   NumNotifications = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get user's notifications");
+   NumNotifications = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get user's notifications");
   if (NumNotifications)	// Notifications found
     {
      getNotificationsOut->numNotifications = (int) NumNotifications;
@ -3051,16 +3033,15 @@ int swad__getNotifications (struct soap *soap,
 static int Svc_GetMyLanguage (void)
  {
   extern const char *Txt_STR_LANG_ID[1 + Txt_NUM_LANGUAGES];
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   Txt_Language_t Lan;
   /***** Get user's language *****/
-   sprintf (Query,"SELECT Language FROM usr_data"
+   DB_BuildQuery ("SELECT Language FROM usr_data"
 	          " WHERE UsrCod=%ld",
-	    Gbl.Usrs.Me.UsrDat.UsrCod);
+		  Gbl.Usrs.Me.UsrDat.UsrCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get user's language") != 1)
+   if (DB_QuerySELECT_new (&mysql_res,"can not get user's language") != 1)
      return soap_receiver_fault (Gbl.soap,
 	                          "Can not get user's language from database",
 	                          "User doen't exist in database");
@ -3164,7 +3145,6 @@ int swad__sendMessage (struct soap *soap,
   int ReturnCode;
   long ReplyUsrCod = -1L;
   char Nickname[Nck_MAX_BYTES_NICKNAME_FROM_FORM + 1];
   char Query[Svc_MAX_BYTES_QUERY_RECIPIENTS + 1];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow,NumRows;
@ -3198,15 +3178,15 @@ int swad__sendMessage (struct soap *soap,
   if (messageCode)
     {
      /***** Check if the original message was really received by me *****/
-      sprintf (Query,"SELECT SUM(N) FROM"
+      DB_BuildQuery ("SELECT SUM(N) FROM"
                     " (SELECT COUNT(*) AS N FROM msg_rcv"
                     " WHERE UsrCod=%ld AND MsgCod=%ld"
                     " UNION"
                     " SELECT COUNT(*) AS N FROM msg_rcv_deleted"
                     " WHERE UsrCod=%ld AND MsgCod=%ld) AS T",
-               Gbl.Usrs.Me.UsrDat.UsrCod,(long) messageCode,
+		     Gbl.Usrs.Me.UsrDat.UsrCod,(long) messageCode,
-               Gbl.Usrs.Me.UsrDat.UsrCod,(long) messageCode);
+		     Gbl.Usrs.Me.UsrDat.UsrCod,(long) messageCode);
-      if (!DB_QuerySELECT (Query,&mysql_res,"can not check original message"))
+      if (!DB_QuerySELECT_new (&mysql_res,"can not check original message"))
         return soap_sender_fault (Gbl.soap,
                                   "Can not check original message",
                                   "Error reading from database");
@ -3227,13 +3207,13 @@ int swad__sendMessage (struct soap *soap,
                                   "Original message does not exist");
      /***** Get the recipient of the message *****/
-      sprintf (Query,"SELECT UsrCod FROM msg_snt"
+      DB_BuildQuery ("SELECT UsrCod FROM msg_snt"
                     " WHERE MsgCod=%ld"
                     " UNION "
                     "SELECT UsrCod FROM msg_snt_deleted"
                     " WHERE MsgCod=%ld",
-               (long) messageCode,(long) messageCode);
+		     (long) messageCode,(long) messageCode);
-      if ((NumRows = DB_QuerySELECT (Query,&mysql_res,"can not check original message")))	// Message found in any of the two tables of sent messages
+      if ((NumRows = DB_QuerySELECT_new (&mysql_res,"can not check original message")))	// Message found in any of the two tables of sent messages
        {
         row = mysql_fetch_row (mysql_res);
         ReplyUsrCod = Str_ConvertStrCodToLongCod (row[0]);
@ -3248,14 +3228,18 @@ int swad__sendMessage (struct soap *soap,
                                   "Original message does not exist");
     }
   /***** Allocate space for query *****/
   if ((Gbl.DB.QueryPtr = (char *) malloc (Svc_MAX_BYTES_QUERY_RECIPIENTS + 1)) == NULL)
      Lay_NotEnoughMemoryExit ();
   /***** Build query for recipients from database *****/
   if (ReplyUsrCod > 0)
-      sprintf (Query,"SELECT UsrCod FROM usr_data"
+      snprintf (Gbl.DB.QueryPtr,Svc_MAX_BYTES_QUERY_RECIPIENTS + 1,
-	             " WHERE UsrCod=%ld",
+	        "SELECT UsrCod FROM usr_data"
-	       ReplyUsrCod);
+	        " WHERE UsrCod=%ld",
 	        ReplyUsrCod);
   else
-      Query[0] = '\0';
+      Gbl.DB.QueryPtr[0] = '\0';
   /***** Loop over recipients' nicknames building query *****/
   Ptr = to;
@ -3270,7 +3254,7 @@ int swad__sendMessage (struct soap *soap,
         Str_RemoveLeadingArrobas (Nickname);
 	 /* Check for overflow in query */
-	 if (strlen (Query) + Nck_MAX_BYTES_NICKNAME_WITHOUT_ARROBA + 32 >
+	 if (strlen (Gbl.DB.QueryPtr) + Nck_MAX_BYTES_NICKNAME_WITHOUT_ARROBA + 32 >
 	     Svc_MAX_BYTES_QUERY_RECIPIENTS)
 	    return soap_sender_fault (Gbl.soap,
 				      "Can not send message",
@ -3280,25 +3264,25 @@ int swad__sendMessage (struct soap *soap,
 	 if (FirstNickname)
 	   {
 	    if (ReplyUsrCod > 0)
-	       Str_Concat (Query," UNION ",
+	       Str_Concat (Gbl.DB.QueryPtr," UNION ",
 	                   Svc_MAX_BYTES_QUERY_RECIPIENTS);
-	    Str_Concat (Query,"SELECT UsrCod FROM usr_nicknames"
+	    Str_Concat (Gbl.DB.QueryPtr,"SELECT UsrCod FROM usr_nicknames"
 			      " WHERE Nickname IN ('",
 			Svc_MAX_BYTES_QUERY_RECIPIENTS);
 	    FirstNickname = false;
 	    ThereAreNicknames = true;
 	   }
 	 else
-	    Str_Concat (Query,",'",
+	    Str_Concat (Gbl.DB.QueryPtr,",'",
 	                Svc_MAX_BYTES_QUERY_RECIPIENTS);
-	 Str_Concat (Query,Nickname,
+	 Str_Concat (Gbl.DB.QueryPtr,Nickname,
 	             Svc_MAX_BYTES_QUERY_RECIPIENTS);
-	 Str_Concat (Query,"'",
+	 Str_Concat (Gbl.DB.QueryPtr,"'",
 	             Svc_MAX_BYTES_QUERY_RECIPIENTS);
 	}
     }
   if (ThereAreNicknames)
-      Str_Concat (Query,")",
+      Str_Concat (Gbl.DB.QueryPtr,")",
                  Svc_MAX_BYTES_QUERY_RECIPIENTS);
   /***** Initialize output structure *****/
@ -3309,7 +3293,7 @@ int swad__sendMessage (struct soap *soap,
   if (ReplyUsrCod > 0 || ThereAreNicknames)	// There are a recipient to reply or nicknames in "to"
     {
      /***** Get users *****/
-      NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get users");
+      NumRows = DB_QuerySELECT_new (&mysql_res,"can not get users");
      sendMessageOut->numUsers = (int) NumRows;
      sendMessageOut->usersArray.__size = (int) NumRows;
@ -3580,15 +3564,14 @@ int swad__getTestConfig (struct soap *soap,
 static int Svc_GetTstConfig (long CrsCod)
  {
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   /***** Query database *****/
-   sprintf (Query,"SELECT Pluggable,Min,Def,Max,MinTimeNxtTstPerQst,Feedback"
+   DB_BuildQuery ("SELECT Pluggable,Min,Def,Max,MinTimeNxtTstPerQst,Feedback"
                  " FROM tst_config WHERE CrsCod=%ld",
-            CrsCod);
+                  CrsCod);
-   if (DB_QuerySELECT (Query,&mysql_res,"can not get test configuration"))
+   if (DB_QuerySELECT_new (&mysql_res,"can not get test configuration"))
     {
      /***** Get minimun, default and maximum *****/
      row = mysql_fetch_row (mysql_res);
@ -3722,19 +3705,18 @@ int swad__getTests (struct soap *soap,
 static int Svc_GetTstTags (long CrsCod,struct swad__getTestsOutput *getTestsOut)
  {
   extern const char *Txt_STR_LANG_ID[1 + Txt_NUM_LANGUAGES];
   char Query[512];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow;
   unsigned NumRows;
   /***** Get available tags from database *****/
-   sprintf (Query,"SELECT TagCod,TagTxt"
+   DB_BuildQuery ("SELECT TagCod,TagTxt"
 	          " FROM tst_tags"
                  " WHERE CrsCod=%ld AND TagHidden='N'"
                  " ORDER BY TagTxt",
-            CrsCod);
+		  CrsCod);
-   NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get test tags");
+   NumRows = DB_QuerySELECT_new (&mysql_res,"can not get test tags");
   getTestsOut->tagsArray.__size = (int) NumRows;
@ -3774,7 +3756,6 @@ static int Svc_GetTstTags (long CrsCod,struct swad__getTestsOutput *getTestsOut)
 static int Svc_GetTstQuestions (long CrsCod,long BeginTime,struct swad__getTestsOutput *getTestsOut)
  {
   extern const char *Tst_StrAnswerTypesXML[Tst_NUM_ANS_TYPES];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow;
@ -3783,7 +3764,7 @@ static int Svc_GetTstQuestions (long CrsCod,long BeginTime,struct swad__getTests
   /***** Get recent test questions from database *****/
   // DISTINCTROW is necessary to not repeat questions
-   sprintf (Query,"SELECT DISTINCTROW tst_questions.QstCod,"
+   DB_BuildQuery ("SELECT DISTINCTROW tst_questions.QstCod,"
 	          "tst_questions.AnsType,tst_questions.Shuffle,"
 	          "tst_questions.Stem,tst_questions.Feedback"
 		  " FROM tst_questions,tst_question_tags,tst_tags"
@ -3802,10 +3783,10 @@ static int Svc_GetTstQuestions (long CrsCod,long BeginTime,struct swad__getTests
                  "tst_tags.ChangeTime>=FROM_UNIXTIME(%ld)"
                  ")"
                  " ORDER BY QstCod",
-            CrsCod,CrsCod,CrsCod,
+		  CrsCod,CrsCod,CrsCod,
-            BeginTime,
+		  BeginTime,
-            BeginTime);
+		  BeginTime);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get test questions");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get test questions");
   getTestsOut->questionsArray.__size = (int) NumRows;
@ -3861,14 +3842,13 @@ static int Svc_GetTstQuestions (long CrsCod,long BeginTime,struct swad__getTests
 static int Svc_GetTstAnswers (long CrsCod,long BeginTime,struct swad__getTestsOutput *getTestsOut)
  {
   extern const char *Tst_StrAnswerTypesXML[Tst_NUM_ANS_TYPES];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow,NumRows;
   unsigned Index;
   /***** Get recent test questions from database *****/
-   sprintf (Query,"SELECT QstCod,AnsInd,Correct,Answer,Feedback"
+   DB_BuildQuery ("SELECT QstCod,AnsInd,Correct,Answer,Feedback"
                  " FROM tst_answers WHERE QstCod IN "
                  "(SELECT tst_questions.QstCod"
 		  " FROM tst_questions,tst_question_tags,tst_tags"
@ -3888,10 +3868,10 @@ static int Svc_GetTstAnswers (long CrsCod,long BeginTime,struct swad__getTestsOu
                  ")"
                  ")"
                  " ORDER BY QstCod,AnsInd",
-            CrsCod,CrsCod,CrsCod,
+		  CrsCod,CrsCod,CrsCod,
-            BeginTime,
+		  BeginTime,
-            BeginTime);
+		  BeginTime);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get test answers");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get test answers");
   getTestsOut->answersArray.__size = (int) NumRows;
@ -3946,14 +3926,13 @@ static int Svc_GetTstAnswers (long CrsCod,long BeginTime,struct swad__getTestsOu
 static int Svc_GetTstQuestionTags (long CrsCod,long BeginTime,struct swad__getTestsOutput *getTestsOut)
  {
   extern const char *Tst_StrAnswerTypesXML[Tst_NUM_ANS_TYPES];
   char Query[1024];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow,NumRows;
   unsigned Index;
   /***** Get recent test questions from database *****/
-   sprintf (Query,"SELECT QstCod,TagCod,TagInd"
+   DB_BuildQuery ("SELECT QstCod,TagCod,TagInd"
                  " FROM tst_question_tags WHERE QstCod IN "
                  "(SELECT tst_questions.QstCod"
 		  " FROM tst_questions,tst_question_tags,tst_tags"
@ -3973,10 +3952,10 @@ static int Svc_GetTstQuestionTags (long CrsCod,long BeginTime,struct swad__getTe
                  ")"
                  ")"
                  " ORDER BY QstCod,TagInd",
-            CrsCod,CrsCod,CrsCod,
+		  CrsCod,CrsCod,CrsCod,
-            BeginTime,
+		  BeginTime,
-            BeginTime);
+		  BeginTime);
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get test question tags");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get test question tags");
   getTestsOut->questionTagsArray.__size = (int) NumRows;
@ -4032,7 +4011,6 @@ int swad__getTrivialQuestion (struct soap *soap,
   //   DegStr=",   '   - number '  \0"
   long DegCod;
   bool FirstDegree = true;
   char Query[4096];
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned NumRow;
@ -4114,7 +4092,7 @@ int swad__getTrivialQuestion (struct soap *soap,
   /***** Start query *****/
   Str_SetDecimalPointToUS ();	// To print the floating point as a dot
-   sprintf (Query,"SELECT DISTINCTROW tst_questions.QstCod,"
+   DB_BuildQuery ("SELECT DISTINCTROW tst_questions.QstCod,"
 	          "tst_questions.AnsType,tst_questions.Shuffle,"
 	          "tst_questions.Stem,tst_questions.Feedback,"
 	          "tst_questions.Score/tst_questions.NumHits AS S"
@ -4132,11 +4110,11 @@ int swad__getTrivialQuestion (struct soap *soap,
 		  " AND tst_tags.TagCod=tst_question_tags.TagCod)"
                  " HAVING S>='%f' AND S<='%f'"
                  " ORDER BY RAND(NOW()) LIMIT 1",
-            DegreesStr,DegreesStr,
+		  DegreesStr,DegreesStr,
-            lowerScore,upperScore);
+		  lowerScore,upperScore);
   Str_SetDecimalPointToLocal ();	// Return to local system
-   NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get test questions");
+   NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get test questions");
   if (NumRows == 1)	// Question found
     {
@ -4203,11 +4181,11 @@ int swad__getTrivialQuestion (struct soap *soap,
   if (QstCod > 0)
     {
      /***** Get answer from database *****/
-      sprintf (Query,"SELECT QstCod,AnsInd,Correct,Answer,Feedback"
+      DB_BuildQuery ("SELECT QstCod,AnsInd,Correct,Answer,Feedback"
 		     " FROM tst_answers WHERE QstCod=%ld"
 		     " ORDER BY AnsInd",
-	       QstCod);
+		     QstCod);
-      NumRows = (unsigned) DB_QuerySELECT (Query,&mysql_res,"can not get test answers");
+      NumRows = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get test answers");
      getTrivialQuestionOut->answersArray.__size = (int) NumRows;