Version 18.9.5

2018-10-29 13:38:03 +01:00 · 2018-10-29 13:38:03 +01:00 · 7cdf0c2315
parent 061c7a6f55
commit 7cdf0c2315
10 changed files with 412 additions and 554 deletions
--- a/swad_changelog.h
+++ b/swad_changelog.h
@ -355,10 +355,11 @@ En OpenSWAD:
 ps2pdf source.ps destination.pdf
 */
-#define Log_PLATFORM_VERSION	"SWAD 18.9.4 (2018-10-29)"
+#define Log_PLATFORM_VERSION	"SWAD 18.9.5 (2018-10-29)"
 #define CSS_FILE		"swad18.4.css"
 #define JS_FILE			"swad17.17.1.js"
 /*
 	Version 18.9.5:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235775 lines)
 	Version 18.9.4:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235868 lines)
 	Version 18.9.3:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235952 lines)
 	Version 18.9.2:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235988 lines)
--- a/swad_database.c
+++ b/swad_database.c
@ -3166,26 +3166,6 @@ unsigned long DB_QueryCOUNT_new (const char *MsgError)
   return NumRows;
  }
 unsigned long DB_QueryCOUNT (const char *Query,const char *MsgError)
  {
   MYSQL_RES *mysql_res;
   MYSQL_ROW row;
   unsigned long NumRows;
   /***** Make query "SELECT COUNT(*) FROM..." *****/
   DB_QuerySELECT (Query,&mysql_res,MsgError);
   /***** Get number of rows *****/
   row = mysql_fetch_row (mysql_res);
   if (sscanf (row[0],"%lu",&NumRows) != 1)
      Lay_ShowErrorAndExit ("Error when counting number of rows.");
   /***** Free structure that stores the query result *****/
   DB_FreeMySQLResult (&mysql_res);
   return NumRows;
  }
 /*****************************************************************************/
 /******************** Make an INSERT query in database ***********************/
 /*****************************************************************************/
--- a/swad_database.h
+++ b/swad_database.h
@ -43,7 +43,6 @@ unsigned long DB_QuerySELECT_new (MYSQL_RES **mysql_res,const char *MsgError);
 unsigned long DB_QuerySELECT (const char *Query,MYSQL_RES **mysql_res,const char *MsgError);
 unsigned long DB_QueryCOUNT_new (const char *MsgError);
 unsigned long DB_QueryCOUNT (const char *Query,const char *MsgError);
 void DB_QueryINSERT_new (const char *MsgError);
--- a/swad_session.c
+++ b/swad_session.c
@ -62,11 +62,9 @@ static bool Ses_CheckIfHiddenParIsAlreadyInDB (Act_Action_t NextAction,
 void Ses_GetNumSessions (void)
  {
   char Query[128];
   /***** Get the number of open sessions from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM sessions");
+   DB_BuildQuery ("SELECT COUNT(*) FROM sessions");
-   Gbl.Session.NumSessions = (unsigned) DB_QueryCOUNT (Query,"can not get the number of open sessions");
+   Gbl.Session.NumSessions = (unsigned) DB_QueryCOUNT_new ("can not get the number of open sessions");
   Gbl.Usrs.Connected.TimeToRefreshInMs = (unsigned long) (Gbl.Session.NumSessions/Cfg_TIMES_PER_SECOND_REFRESH_CONNECTED) * 1000UL;
   if (Gbl.Usrs.Connected.TimeToRefreshInMs < Con_MIN_TIME_TO_REFRESH_CONNECTED_IN_MS)
@ -107,12 +105,9 @@ void Ses_CreateSession (void)
 bool Ses_CheckIfSessionExists (const char *IdSes)
  {
   char Query[128 + Cns_BYTES_SESSION_ID];
   /***** Get if session already exists in database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM sessions WHERE SessionId='%s'",
+   DB_BuildQuery ("SELECT COUNT(*) FROM sessions WHERE SessionId='%s'",IdSes);
-            IdSes);
+   return (DB_QueryCOUNT_new ("can not check if a session already existed") != 0);
   return (DB_QueryCOUNT (Query,"can not check if a session already existed") != 0);
  }
 /*****************************************************************************/
@ -393,13 +388,11 @@ void Ses_RemoveHiddenParFromExpiredSessions (void)
 static bool Ses_CheckIfHiddenParIsAlreadyInDB (Act_Action_t NextAction,
                                               const char *ParamName)
  {
   char Query[512 + Cns_BYTES_SESSION_ID];
   /***** Get a hidden parameter from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM hidden_params"
+   DB_BuildQuery ("SELECT COUNT(*) FROM hidden_params"
                  " WHERE SessionId='%s' AND Action=%ld AND ParamName='%s'",
-            Gbl.Session.Id,Act_GetActCod (NextAction),ParamName);
+		  Gbl.Session.Id,Act_GetActCod (NextAction),ParamName);
-   return (DB_QueryCOUNT (Query,"can not check if a hidden parameter is already in database") != 0);
+   return (DB_QueryCOUNT_new ("can not check if a hidden parameter is already in database") != 0);
  }
 /*****************************************************************************/
--- a/swad_social.c
+++ b/swad_social.c
@ -2398,12 +2398,10 @@ static void Soc_PutHiddenFormToWriteNewCommentToSocialNote (long NotCod,
 static unsigned long Soc_GetNumCommentsInSocialNote (long NotCod)
  {
-   char Query[128];
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_pubs"
   sprintf (Query,"SELECT COUNT(*) FROM social_pubs"
 	          " WHERE NotCod=%ld AND PubType=%u",
-	    NotCod,(unsigned) Soc_PUB_COMMENT_TO_NOTE);
+		  NotCod,(unsigned) Soc_PUB_COMMENT_TO_NOTE);
-   return DB_QueryCOUNT (Query,"can not get number of comments in a social note");
+   return DB_QueryCOUNT_new ("can not get number of comments in a social note");
  }
 /*****************************************************************************/
@ -4227,12 +4225,10 @@ void Soc_RemoveUsrSocialContent (long UsrCod)
 static bool Soc_CheckIfNoteIsSharedByUsr (long NotCod,long UsrCod)
  {
-   char Query[256];
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_pubs"
   sprintf (Query,"SELECT COUNT(*) FROM social_pubs"
 	          " WHERE NotCod=%ld AND PublisherCod=%ld AND PubType=%u",
-	    NotCod,UsrCod,(unsigned) Soc_PUB_SHARED_NOTE);
+		  NotCod,UsrCod,(unsigned) Soc_PUB_SHARED_NOTE);
-   return (DB_QueryCOUNT (Query,"can not check if a user has shared a social note") != 0);
+   return (DB_QueryCOUNT_new ("can not check if a user has shared a social note") != 0);
  }
 /*****************************************************************************/
@ -4241,12 +4237,10 @@ static bool Soc_CheckIfNoteIsSharedByUsr (long NotCod,long UsrCod)
 static bool Soc_CheckIfNoteIsFavedByUsr (long NotCod,long UsrCod)
  {
-   char Query[256];
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_notes_fav"
   sprintf (Query,"SELECT COUNT(*) FROM social_notes_fav"
 	          " WHERE NotCod=%ld AND UsrCod=%ld",
-	    NotCod,UsrCod);
+		  NotCod,UsrCod);
-   return (DB_QueryCOUNT (Query,"can not check if a user has favourited a social note") != 0);
+   return (DB_QueryCOUNT_new ("can not check if a user has favourited a social note") != 0);
  }
 /*****************************************************************************/
@ -4255,12 +4249,10 @@ static bool Soc_CheckIfNoteIsFavedByUsr (long NotCod,long UsrCod)
 static bool Soc_CheckIfCommIsFavedByUsr (long PubCod,long UsrCod)
  {
-   char Query[256];
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_comments_fav"
   sprintf (Query,"SELECT COUNT(*) FROM social_comments_fav"
 	          " WHERE PubCod=%ld AND UsrCod=%ld",
-	    PubCod,UsrCod);
+		  PubCod,UsrCod);
-   return (DB_QueryCOUNT (Query,"can not check if a user has favourited a social comment") != 0);
+   return (DB_QueryCOUNT_new ("can not check if a user has favourited a social comment") != 0);
  }
 /*****************************************************************************/
@ -4269,17 +4261,15 @@ static bool Soc_CheckIfCommIsFavedByUsr (long PubCod,long UsrCod)
 static unsigned Soc_UpdateNumTimesANoteHasBeenShared (struct SocialNote *SocNot)
  {
   char Query[256];
   /***** Get number of times (users) this note has been shared *****/
-   sprintf (Query,"SELECT COUNT(*) FROM social_pubs"
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_pubs"
 	          " WHERE NotCod=%ld"
 	          " AND PublisherCod<>%ld"
 		  " AND PubType=%u",
-	    SocNot->NotCod,
+		  SocNot->NotCod,
-	    SocNot->UsrCod,	// The author
+		  SocNot->UsrCod,	// The author
-	    (unsigned) Soc_PUB_SHARED_NOTE);
+		  (unsigned) Soc_PUB_SHARED_NOTE);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get number of times a note has been shared");
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of times a note has been shared");
  }
 /*****************************************************************************/
@ -4288,15 +4278,13 @@ static unsigned Soc_UpdateNumTimesANoteHasBeenShared (struct SocialNote *SocNot)
 static unsigned Soc_GetNumTimesANoteHasBeenFav (struct SocialNote *SocNot)
  {
   char Query[256];
   /***** Get number of times (users) this note has been favourited *****/
-   sprintf (Query,"SELECT COUNT(*) FROM social_notes_fav"
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_notes_fav"
 	          " WHERE NotCod=%ld"
 	          " AND UsrCod<>%ld",	// Extra check
-	    SocNot->NotCod,
+		  SocNot->NotCod,
-	    SocNot->UsrCod);	// The author
+		  SocNot->UsrCod);	// The author
-   return (unsigned) DB_QueryCOUNT (Query,"can not get number of times a note has been favourited");
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of times a note has been favourited");
  }
 /*****************************************************************************/
@ -4305,15 +4293,13 @@ static unsigned Soc_GetNumTimesANoteHasBeenFav (struct SocialNote *SocNot)
 static unsigned Soc_GetNumTimesACommHasBeenFav (struct SocialComment *SocCom)
  {
   char Query[256];
   /***** Get number of times (users) this comment has been favourited *****/
-   sprintf (Query,"SELECT COUNT(*) FROM social_comments_fav"
+   DB_BuildQuery ("SELECT COUNT(*) FROM social_comments_fav"
 	          " WHERE PubCod=%ld"
 	          " AND UsrCod<>%ld",	// Extra check
-	    SocCom->PubCod,
+		  SocCom->PubCod,
-	    SocCom->UsrCod);	// The author
+		  SocCom->UsrCod);	// The author
-   return (unsigned) DB_QueryCOUNT (Query,"can not get number of times a comment has been favourited");
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of times a comment has been favourited");
  }
 /*****************************************************************************/
--- a/swad_statistic.c
+++ b/swad_statistic.c
--- a/swad_survey.c
+++ b/swad_survey.c
@ -1758,15 +1758,14 @@ void Svy_UnhideSurvey (void)
 static bool Svy_CheckIfSimilarSurveyExists (struct Survey *Svy)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char Query[512 + Svy_MAX_BYTES_SURVEY_TITLE];
   /***** Get number of surveys with a field value from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM surveys"
+   DB_BuildQuery ("SELECT COUNT(*) FROM surveys"
                  " WHERE Scope='%s' AND Cod=%ld"
                  " AND Title='%s' AND SvyCod<>%ld",
-            Sco_ScopeDB[Svy->Scope],Svy->Cod,
+		  Sco_ScopeDB[Svy->Scope],Svy->Cod,
-            Svy->Title,Svy->SvyCod);
+		  Svy->Title,Svy->SvyCod);
-   return (DB_QueryCOUNT (Query,"can not get similar surveys") != 0);
+   return (DB_QueryCOUNT_new ("can not get similar surveys") != 0);
  }
 /*****************************************************************************/
@ -2326,12 +2325,9 @@ static void Svy_UpdateSurvey (struct Survey *Svy,const char *Txt)
 static bool Svy_CheckIfSvyIsAssociatedToGrps (long SvyCod)
  {
   char Query[128];
   /***** Get if a survey is associated to a group from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM svy_grp WHERE SvyCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM svy_grp WHERE SvyCod=%ld",SvyCod);
-            SvyCod);
+   return (DB_QueryCOUNT_new ("can not check if a survey is associated to groups") != 0);
   return (DB_QueryCOUNT (Query,"can not check if a survey is associated to groups") != 0);
  }
 /*****************************************************************************/
@ -2340,13 +2336,11 @@ static bool Svy_CheckIfSvyIsAssociatedToGrps (long SvyCod)
 bool Svy_CheckIfSvyIsAssociatedToGrp (long SvyCod,long GrpCod)
  {
   char Query[256];
   /***** Get if a survey is associated to a group from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM svy_grp"
+   DB_BuildQuery ("SELECT COUNT(*) FROM svy_grp"
 	          " WHERE SvyCod=%ld AND GrpCod=%ld",
-            SvyCod,GrpCod);
+		  SvyCod,GrpCod);
-   return (DB_QueryCOUNT (Query,"can not check if a survey is associated to a group") != 0);
+   return (DB_QueryCOUNT_new ("can not check if a survey is associated to a group") != 0);
  }
 /*****************************************************************************/
@ -2534,17 +2528,15 @@ void Svy_RemoveSurveys (Sco_Scope_t Scope,long Cod)
 static bool Svy_CheckIfICanDoThisSurveyBasedOnGrps (long SvyCod)
  {
   char Query[512];
   /***** Get if I can do a survey from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM surveys"
+   DB_BuildQuery ("SELECT COUNT(*) FROM surveys"
                  " WHERE SvyCod=%ld"
                  " AND (SvyCod NOT IN (SELECT SvyCod FROM svy_grp) OR"
                  " SvyCod IN (SELECT svy_grp.SvyCod FROM svy_grp,crs_grp_usr"
                  " WHERE crs_grp_usr.UsrCod=%ld"
                  " AND svy_grp.GrpCod=crs_grp_usr.GrpCod))",
-            SvyCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+		  SvyCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-   return (DB_QueryCOUNT (Query,"can not check if I can do a survey") != 0);
+   return (DB_QueryCOUNT_new ("can not check if I can do a survey") != 0);
  }
 /*****************************************************************************/
@ -2553,12 +2545,9 @@ static bool Svy_CheckIfICanDoThisSurveyBasedOnGrps (long SvyCod)
 static unsigned Svy_GetNumQstsSvy (long SvyCod)
  {
   char Query[128];
   /***** Get data of questions from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM svy_questions WHERE SvyCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM svy_questions WHERE SvyCod=%ld",SvyCod);
-            SvyCod);
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of questions of a survey");
   return (unsigned) DB_QueryCOUNT (Query,"can not get number of questions of a survey");
  }
 /*****************************************************************************/
@ -2856,13 +2845,11 @@ static Svy_AnswerType_t Svy_ConvertFromStrAnsTypDBToAnsTyp (const char *StrAnsTy
 static bool Svy_CheckIfAnswerExists (long QstCod,unsigned AnsInd)
  {
   char Query[256];
   /***** Get answers of a question from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM svy_answers"
+   DB_BuildQuery ("SELECT COUNT(*) FROM svy_answers"
                  " WHERE QstCod=%ld AND AnsInd=%u",
-            QstCod,AnsInd);
+		  QstCod,AnsInd);
-   return (DB_QueryCOUNT (Query,"can not check if an answer exists") != 0);
+   return (DB_QueryCOUNT_new ("can not check if an answer exists") != 0);
  }
 /*****************************************************************************/
@ -3769,13 +3756,11 @@ static void Svy_RegisterIHaveAnsweredSvy (long SvyCod)
 static bool Svy_CheckIfIHaveAnsweredSvy (long SvyCod)
  {
   char Query[256];
   /***** Get number of surveys with a field value from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM svy_users"
+   DB_BuildQuery ("SELECT COUNT(*) FROM svy_users"
                  " WHERE SvyCod=%ld AND UsrCod=%ld",
-            SvyCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+		  SvyCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-   return (DB_QueryCOUNT (Query,"can not check if you have answered a survey") != 0);
+   return (DB_QueryCOUNT_new ("can not check if you have answered a survey") != 0);
  }
 /*****************************************************************************/
@ -3784,12 +3769,9 @@ static bool Svy_CheckIfIHaveAnsweredSvy (long SvyCod)
 static unsigned Svy_GetNumUsrsWhoHaveAnsweredSvy (long SvyCod)
  {
   char Query[128];
   /***** Get number of surveys with a field value from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM svy_users WHERE SvyCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM svy_users WHERE SvyCod=%ld",SvyCod);
-            SvyCod);
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of users who have answered a survey");
   return (unsigned) DB_QueryCOUNT (Query,"can not get number of users who have answered a survey");
  }
 /*****************************************************************************/
--- a/swad_test.c
+++ b/swad_test.c
@ -1666,12 +1666,10 @@ void Tst_RenameTag (void)
 static bool Tst_CheckIfCurrentCrsHasTestTags (void)
  {
   char Query[128];
   /***** Get available tags from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM tst_tags WHERE CrsCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM tst_tags WHERE CrsCod=%ld",
-            Gbl.CurrentCrs.Crs.CrsCod);
+		  Gbl.CurrentCrs.Crs.CrsCod);
-   return (DB_QueryCOUNT (Query,"can not check if course has tags") != 0);
+   return (DB_QueryCOUNT_new ("can not check if course has tags") != 0);
  }
 /*****************************************************************************/
--- a/swad_user.c
+++ b/swad_user.c
@ -814,15 +814,14 @@ void Usr_FlushCachesUsr (void)
 bool Usr_CheckIfUsrIsAdm (long UsrCod,Sco_Scope_t Scope,long Cod)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char Query[256];
   if (Sco_ScopeDB[Scope])
     {
      /***** Get if a user is administrator of a degree from database *****/
-      sprintf (Query,"SELECT COUNT(*) FROM admin"
+      DB_BuildQuery ("SELECT COUNT(*) FROM admin"
 		     " WHERE UsrCod=%ld AND Scope='%s' AND Cod=%ld",
-	       UsrCod,Sco_ScopeDB[Scope],Cod);
+		     UsrCod,Sco_ScopeDB[Scope],Cod);
-      return (DB_QueryCOUNT (Query,"can not check if a user is administrator") != 0);
+      return (DB_QueryCOUNT_new ("can not check if a user is administrator") != 0);
     }
   return false;
  }
@ -840,7 +839,6 @@ void Usr_FlushCacheUsrIsSuperuser (void)
 bool Usr_CheckIfUsrIsSuperuser (long UsrCod)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   char Query[256];
   /***** 1. Fast check: Trivial case *****/
   if (UsrCod <= 0)
@ -851,11 +849,11 @@ bool Usr_CheckIfUsrIsSuperuser (long UsrCod)
      return Gbl.Cache.UsrIsSuperuser.IsSuperuser;
   /***** 3. Slow check: If not cached, get if a user is superuser from database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM admin"
+   DB_BuildQuery ("SELECT COUNT(*) FROM admin"
 		  " WHERE UsrCod=%ld AND Scope='%s'",
-	    UsrCod,Sco_ScopeDB[Sco_SCOPE_SYS]);
+		  UsrCod,Sco_ScopeDB[Sco_SCOPE_SYS]);
   Gbl.Cache.UsrIsSuperuser.UsrCod = UsrCod;
-   Gbl.Cache.UsrIsSuperuser.IsSuperuser = (DB_QueryCOUNT (Query,"can not check if a user is superuser") != 0);
+   Gbl.Cache.UsrIsSuperuser.IsSuperuser = (DB_QueryCOUNT_new ("can not check if a user is superuser") != 0);
   return Gbl.Cache.UsrIsSuperuser.IsSuperuser;
  }
@ -943,12 +941,9 @@ bool Usr_ICanEditOtherUsr (const struct UsrData *UsrDat)
 unsigned Usr_GetNumCrssOfUsr (long UsrCod)
  {
   char Query[128];
   /***** Get the number of courses of a user from database ******/
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr WHERE UsrCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr WHERE UsrCod=%ld",UsrCod);
-            UsrCod);
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of courses of a user");
   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of courses of a user");
  }
 /*****************************************************************************/
@ -957,13 +952,11 @@ unsigned Usr_GetNumCrssOfUsr (long UsrCod)
 unsigned Usr_GetNumCrssOfUsrNotAccepted (long UsrCod)
  {
   char Query[256];
   /***** Get the number of courses of a user not accepted from database ******/
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr"
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr"
 	          " WHERE UsrCod=%ld AND Accepted='N'",
-            UsrCod);
+		  UsrCod);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of courses of a user");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of courses of a user");
  }
 /*****************************************************************************/
@ -972,13 +965,11 @@ unsigned Usr_GetNumCrssOfUsrNotAccepted (long UsrCod)
 unsigned Usr_GetNumCrssOfUsrWithARole (long UsrCod,Rol_Role_t Role)
  {
   char Query[256];
   /***** Get the number of courses of a user with a role from database ******/
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr"
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr"
                  " WHERE UsrCod=%ld AND Role=%u",
-            UsrCod,(unsigned) Role);
+		  UsrCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of courses of a user with a role");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of courses of a user with a role");
  }
 /*****************************************************************************/
@ -987,13 +978,11 @@ unsigned Usr_GetNumCrssOfUsrWithARole (long UsrCod,Rol_Role_t Role)
 unsigned Usr_GetNumCrssOfUsrWithARoleNotAccepted (long UsrCod,Rol_Role_t Role)
  {
   char Query[256];
   /***** Get the number of courses of a user with a role from database ******/
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr"
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr"
                  " WHERE UsrCod=%ld AND Role=%u AND Accepted='N'",
-            UsrCod,(unsigned) Role);
+		  UsrCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of courses of a user with a role");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of courses of a user with a role");
  }
 /*****************************************************************************/
@ -1004,15 +993,13 @@ unsigned Usr_GetNumUsrsInCrssOfAUsr (long UsrCod,Rol_Role_t UsrRole,
                                     Rol_Role_t OthersRole)
  {
   char SubQueryRole[64];
   char Query[512];
   unsigned NumUsrs;
   // This query can be made in a unique, but slower, query
   // The temporary table achieves speedup from ~2s to few ms
   /***** Remove temporary table if exists *****/
-   sprintf (Query,"DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
+   DB_BuildQuery ("DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
-   if (mysql_query (&Gbl.mysql,Query))
+   DB_Query_new ("can not remove temporary tables");
      DB_ExitOnMySQLError ("can not remove temporary tables");
   /***** Create temporary table with all user's courses as student/teacher *****/
   switch (UsrRole)
@ -1031,15 +1018,14 @@ unsigned Usr_GetNumUsrsInCrssOfAUsr (long UsrCod,Rol_Role_t UsrRole,
 	 Lay_ShowErrorAndExit ("Wrong role.");
 	 break;
     }
-   sprintf (Query,"CREATE TEMPORARY TABLE IF NOT EXISTS usr_courses_tmp"
+   DB_BuildQuery ("CREATE TEMPORARY TABLE IF NOT EXISTS usr_courses_tmp"
 	          " (CrsCod INT NOT NULL,UNIQUE INDEX (CrsCod))"
 	          " ENGINE=MEMORY"
 	          " SELECT CrsCod FROM crs_usr"
 	          " WHERE UsrCod=%ld"
 	          "%s",
-	    UsrCod,SubQueryRole);
+		  UsrCod,SubQueryRole);
-   if (mysql_query (&Gbl.mysql,Query))
+   DB_Query_new ("can not create temporary table");
      DB_ExitOnMySQLError ("can not create temporary table");
   /***** Get the number of students/teachers in a course from database ******/
   switch (OthersRole)
@ -1058,17 +1044,16 @@ unsigned Usr_GetNumUsrsInCrssOfAUsr (long UsrCod,Rol_Role_t UsrRole,
 	 Lay_ShowErrorAndExit ("Wrong role.");
 	 break;
     }
-   sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 	          " FROM crs_usr,usr_courses_tmp"
                  " WHERE crs_usr.CrsCod=usr_courses_tmp.CrsCod"
                  "%s",
-            SubQueryRole);
+		  SubQueryRole);
-   NumUsrs = (unsigned) DB_QueryCOUNT (Query,"can not get the number of users");
+   NumUsrs = (unsigned) DB_QueryCOUNT_new ("can not get the number of users");
   /***** Remove temporary table *****/
-   sprintf (Query,"DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
+   DB_BuildQuery ("DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
-   if (mysql_query (&Gbl.mysql,Query))
+   DB_Query_new ("can not remove temporary tables");
      DB_ExitOnMySQLError ("can not remove temporary tables");
   return NumUsrs;
  }
@ -1364,7 +1349,6 @@ void Usr_FlushCacheUsrSharesAnyOfMyCrs (void)
 bool Usr_CheckIfUsrSharesAnyOfMyCrs (struct UsrData *UsrDat)
  {
   char Query[256];
   bool ItsMe;
   /***** 1. Fast check: Am I logged? *****/
@ -1401,11 +1385,11 @@ bool Usr_CheckIfUsrSharesAnyOfMyCrs (struct UsrData *UsrDat)
   Usr_GetMyCourses ();
   /* Check if user shares any course with me */
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr"
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr"
 	          " WHERE UsrCod=%ld"
 	          " AND CrsCod IN (SELECT CrsCod FROM my_courses_tmp)",
-            UsrDat->UsrCod);
+		  UsrDat->UsrCod);
-   Gbl.Cache.UsrSharesAnyOfMyCrs.SharesAnyOfMyCrs = DB_QueryCOUNT (Query,"can not check if a user shares any course with you") != 0;
+   Gbl.Cache.UsrSharesAnyOfMyCrs.SharesAnyOfMyCrs = DB_QueryCOUNT_new ("can not check if a user shares any course with you") != 0;
   Gbl.Cache.UsrSharesAnyOfMyCrs.UsrCod = UsrDat->UsrCod;
   return Gbl.Cache.UsrSharesAnyOfMyCrs.SharesAnyOfMyCrs;
  }
@ -1416,7 +1400,6 @@ bool Usr_CheckIfUsrSharesAnyOfMyCrs (struct UsrData *UsrDat)
 bool Usr_CheckIfUsrSharesAnyOfMyCrsWithDifferentRole (long UsrCod)
  {
   char Query[512];
   bool UsrSharesAnyOfMyCrsWithDifferentRole;
   /***** 1. Fast check: Am I logged? *****/
@ -1429,29 +1412,26 @@ bool Usr_CheckIfUsrSharesAnyOfMyCrsWithDifferentRole (long UsrCod)
   Usr_GetMyCourses ();
   /* Remove temporary table if exists */
-   sprintf (Query,"DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
+   DB_BuildQuery ("DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
-   if (mysql_query (&Gbl.mysql,Query))
+   DB_Query_new ("can not remove temporary tables");
      DB_ExitOnMySQLError ("can not remove temporary tables");
   /* Create temporary table with all user's courses for a role */
-   sprintf (Query,"CREATE TEMPORARY TABLE IF NOT EXISTS usr_courses_tmp "
+   DB_BuildQuery ("CREATE TEMPORARY TABLE IF NOT EXISTS usr_courses_tmp "
 		  "(CrsCod INT NOT NULL,Role TINYINT NOT NULL,"
 		  "UNIQUE INDEX(CrsCod,Role)) ENGINE=MEMORY"
 		  " SELECT CrsCod,Role FROM crs_usr WHERE UsrCod=%ld",
 	    UsrCod);
-   if (mysql_query (&Gbl.mysql,Query))
+   DB_Query_new ("can not create temporary table");
      DB_ExitOnMySQLError ("can not create temporary table");
   /* Get if a user shares any course with me from database */
-   sprintf (Query,"SELECT COUNT(*) FROM my_courses_tmp,usr_courses_tmp"
+   DB_BuildQuery ("SELECT COUNT(*) FROM my_courses_tmp,usr_courses_tmp"
                  " WHERE my_courses_tmp.CrsCod=usr_courses_tmp.CrsCod"
                  " AND my_courses_tmp.Role<>usr_courses_tmp.Role");
-   UsrSharesAnyOfMyCrsWithDifferentRole = (DB_QueryCOUNT (Query,"can not check if a user shares any course with you") != 0);
+   UsrSharesAnyOfMyCrsWithDifferentRole = (DB_QueryCOUNT_new ("can not check if a user shares any course with you") != 0);
   /* Remove temporary table if exists */
-   sprintf (Query,"DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
+   DB_BuildQuery ("DROP TEMPORARY TABLE IF EXISTS usr_courses_tmp");
-   if (mysql_query (&Gbl.mysql,Query))
+   DB_Query_new ("can not remove temporary tables");
      DB_ExitOnMySQLError ("can not remove temporary tables");
   return UsrSharesAnyOfMyCrsWithDifferentRole;
  }
@ -1817,8 +1797,6 @@ void Usr_FlushCacheUsrBelongsToIns (void)
 bool Usr_CheckIfUsrBelongsToIns (long UsrCod,long InsCod)
  {
   char Query[512];
   /***** 1. Fast check: Trivial case *****/
   if (UsrCod <= 0 ||
       InsCod <= 0)
@ -1830,7 +1808,7 @@ bool Usr_CheckIfUsrBelongsToIns (long UsrCod,long InsCod)
      return Gbl.Cache.UsrBelongsToIns.Belongs;
   /***** 3. Slow check: Get is user belongs to institution from database *****/
-   sprintf (Query,"SELECT COUNT(DISTINCT centres.InsCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT centres.InsCod)"
 		  " FROM crs_usr,courses,degrees,centres"
 		  " WHERE crs_usr.UsrCod=%ld"
 		  " AND crs_usr.Accepted='Y'"
@ -1838,10 +1816,10 @@ bool Usr_CheckIfUsrBelongsToIns (long UsrCod,long InsCod)
 		  " AND courses.DegCod=degrees.DegCod"
 		  " AND degrees.CtrCod=centres.CtrCod"
 		  " AND centres.InsCod=%ld",
-	    UsrCod,InsCod);
+		  UsrCod,InsCod);
   Gbl.Cache.UsrBelongsToIns.UsrCod = UsrCod;
   Gbl.Cache.UsrBelongsToIns.InsCod = InsCod;
-   Gbl.Cache.UsrBelongsToIns.Belongs = (DB_QueryCOUNT (Query,"can not check if a user belongs to an institution") != 0);
+   Gbl.Cache.UsrBelongsToIns.Belongs = (DB_QueryCOUNT_new ("can not check if a user belongs to an institution") != 0);
   return Gbl.Cache.UsrBelongsToIns.Belongs;
  }
@ -1858,8 +1836,6 @@ void Usr_FlushCacheUsrBelongsToCtr (void)
 bool Usr_CheckIfUsrBelongsToCtr (long UsrCod,long CtrCod)
  {
   char Query[512];
   /***** 1. Fast check: Trivial case *****/
   if (UsrCod <= 0 ||
       CtrCod <= 0)
@ -1871,17 +1847,17 @@ bool Usr_CheckIfUsrBelongsToCtr (long UsrCod,long CtrCod)
      return Gbl.Cache.UsrBelongsToCtr.Belongs;
   /***** 3. Slow check: Get is user belongs to centre from database *****/
-   sprintf (Query,"SELECT COUNT(DISTINCT degrees.CtrCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT degrees.CtrCod)"
 		  " FROM crs_usr,courses,degrees"
 		  " WHERE crs_usr.UsrCod=%ld"
 		  " AND crs_usr.Accepted='Y'"	// Only if user accepted
 		  " AND crs_usr.CrsCod=courses.CrsCod"
 		  " AND courses.DegCod=degrees.DegCod"
 		  " AND degrees.CtrCod=%ld",
-	    UsrCod,CtrCod);
+		  UsrCod,CtrCod);
   Gbl.Cache.UsrBelongsToCtr.UsrCod = UsrCod;
   Gbl.Cache.UsrBelongsToCtr.CtrCod = CtrCod;
-   Gbl.Cache.UsrBelongsToCtr.Belongs = (DB_QueryCOUNT (Query,"can not check if a user belongs to a centre") != 0);
+   Gbl.Cache.UsrBelongsToCtr.Belongs = (DB_QueryCOUNT_new ("can not check if a user belongs to a centre") != 0);
   return Gbl.Cache.UsrBelongsToCtr.Belongs;
  }
@ -1898,8 +1874,6 @@ void Usr_FlushCacheUsrBelongsToDeg (void)
 bool Usr_CheckIfUsrBelongsToDeg (long UsrCod,long DegCod)
  {
   char Query[512];
   /***** 1. Fast check: Trivial case *****/
   if (UsrCod <= 0 ||
       DegCod <= 0)
@ -1911,16 +1885,16 @@ bool Usr_CheckIfUsrBelongsToDeg (long UsrCod,long DegCod)
      return Gbl.Cache.UsrBelongsToDeg.Belongs;
   /***** 3. Slow check: Get if user belongs to degree from database *****/
-   sprintf (Query,"SELECT COUNT(DISTINCT courses.DegCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT courses.DegCod)"
 		  " FROM crs_usr,courses"
 		  " WHERE crs_usr.UsrCod=%ld"
 		  " AND crs_usr.Accepted='Y'"	// Only if user accepted
 		  " AND crs_usr.CrsCod=courses.CrsCod"
 		  " AND courses.DegCod=%ld",
-	    UsrCod,DegCod);
+		  UsrCod,DegCod);
   Gbl.Cache.UsrBelongsToDeg.UsrCod = UsrCod;
   Gbl.Cache.UsrBelongsToDeg.DegCod = DegCod;
-   Gbl.Cache.UsrBelongsToDeg.Belongs = (DB_QueryCOUNT (Query,"can not check if a user belongs to a degree") != 0);
+   Gbl.Cache.UsrBelongsToDeg.Belongs = (DB_QueryCOUNT_new ("can not check if a user belongs to a degree") != 0);
   return Gbl.Cache.UsrBelongsToDeg.Belongs;
  }
@ -1939,7 +1913,6 @@ void Usr_FlushCacheUsrBelongsToCrs (void)
 bool Usr_CheckIfUsrBelongsToCrs (long UsrCod,long CrsCod,
                                 bool CountOnlyAcceptedCourses)
  {
   char Query[512];
   const char *SubQuery;
   /***** 1. Fast check: Trivial cases *****/
@ -1956,13 +1929,13 @@ bool Usr_CheckIfUsrBelongsToCrs (long UsrCod,long CrsCod,
   /***** 3. Slow check: Get if user belongs to course from database *****/
   SubQuery = (CountOnlyAcceptedCourses ? " AND crs_usr.Accepted='Y'" :
 	                                  "");
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr"
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr"
 	          " WHERE CrsCod=%ld AND UsrCod=%ld%s",
-            CrsCod,UsrCod,SubQuery);
+		  CrsCod,UsrCod,SubQuery);
   Gbl.Cache.UsrBelongsToCrs.UsrCod = UsrCod;
   Gbl.Cache.UsrBelongsToCrs.CrsCod = CrsCod;
   Gbl.Cache.UsrBelongsToCrs.CountOnlyAcceptedCourses = CountOnlyAcceptedCourses;
-   Gbl.Cache.UsrBelongsToCrs.Belongs = (DB_QueryCOUNT (Query,"can not check if a user belongs to a course") != 0);
+   Gbl.Cache.UsrBelongsToCrs.Belongs = (DB_QueryCOUNT_new ("can not check if a user belongs to a course") != 0);
   return Gbl.Cache.UsrBelongsToCrs.Belongs;
  }
@ -2297,12 +2270,10 @@ unsigned long Usr_GetCrssFromUsr (long UsrCod,long DegCod,MYSQL_RES **mysql_res)
 bool Usr_ChkIfEncryptedUsrCodExists (const char EncryptedUsrCod[Cry_BYTES_ENCRYPTED_STR_SHA256_BASE64])
  {
   char Query[128 + Cry_BYTES_ENCRYPTED_STR_SHA256_BASE64];
   /***** Get if an encrypted user's code already existed in database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM usr_data WHERE EncryptedUsrCod='%s'",
+   DB_BuildQuery ("SELECT COUNT(*) FROM usr_data WHERE EncryptedUsrCod='%s'",
-            EncryptedUsrCod);
+		  EncryptedUsrCod);
-   return (DB_QueryCOUNT (Query,"can not check if an encrypted user's code already existed") != 0);
+   return (DB_QueryCOUNT_new ("can not check if an encrypted user's code already existed") != 0);
  }
 /*****************************************************************************/
@ -2534,12 +2505,10 @@ void Usr_CreateBirthdayStrDB (const struct UsrData *UsrDat,
 static bool Usr_CheckIfMyBirthdayHasNotBeenCongratulated (void)
  {
   char Query[128];
   /***** Delete old birthdays *****/
-   sprintf (Query,"SELECT COUNT(*) FROM birthdays_today WHERE UsrCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM birthdays_today WHERE UsrCod=%ld",
-            Gbl.Usrs.Me.UsrDat.UsrCod);
+		  Gbl.Usrs.Me.UsrDat.UsrCod);
-   return (DB_QueryCOUNT (Query,"can not check if my birthday has been congratulated") == 0);
+   return (DB_QueryCOUNT_new ("can not check if my birthday has been congratulated") == 0);
  }
 /*****************************************************************************/
@ -3935,13 +3904,11 @@ static void Usr_WriteUsrData (const char *BgColor,
 unsigned Usr_GetNumUsrsInCrs (Rol_Role_t Role,long CrsCod)
  {
   char Query[256];
   /***** Get the number of teachers in a course from database ******/
-   sprintf (Query,"SELECT COUNT(*) FROM crs_usr"
+   DB_BuildQuery ("SELECT COUNT(*) FROM crs_usr"
 	          " WHERE CrsCod=%ld AND Role=%u",
-            CrsCod,(unsigned) Role);
+		  CrsCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in a course");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in a course");
  }
 /*****************************************************************************/
@ -3950,16 +3917,14 @@ unsigned Usr_GetNumUsrsInCrs (Rol_Role_t Role,long CrsCod)
 unsigned Usr_GetNumUsrsInCrssOfDeg (Rol_Role_t Role,long DegCod)
  {
   char Query[512];
   /***** Get the number of users in courses of a degree from database ******/
-   sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 	          " FROM courses,crs_usr"
                  " WHERE courses.DegCod=%ld"
                  " AND courses.CrsCod=crs_usr.CrsCod"
                  " AND crs_usr.Role=%u",
-            DegCod,(unsigned) Role);
+		  DegCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in courses of a degree");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in courses of a degree");
  }
 /*****************************************************************************/
@ -3969,27 +3934,25 @@ unsigned Usr_GetNumUsrsInCrssOfDeg (Rol_Role_t Role,long DegCod)
 unsigned Usr_GetNumUsrsInCrssOfCtr (Rol_Role_t Role,long CtrCod)
  {
   char Query[512];
   /***** Get the number of users in courses of a centre from database ******/
   if (Role == Rol_UNK)	// Any user
-      sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+      DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 		     " FROM degrees,courses,crs_usr"
 		     " WHERE degrees.CtrCod=%ld"
 		     " AND degrees.DegCod=courses.DegCod"
 		     " AND courses.CrsCod=crs_usr.CrsCod",
-	       CtrCod);
+		     CtrCod);
   else
      // This query is very slow.
      // It's a bad idea to get number of teachers or students for a big list of centres
-      sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+      DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 		     " FROM degrees,courses,crs_usr"
 		     " WHERE degrees.CtrCod=%ld"
 		     " AND degrees.DegCod=courses.DegCod"
 		     " AND courses.CrsCod=crs_usr.CrsCod"
 		     " AND crs_usr.Role=%u",
-	       CtrCod,(unsigned) Role);
+		     CtrCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in courses of a centre");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in courses of a centre");
  }
 /*****************************************************************************/
@ -3999,29 +3962,27 @@ unsigned Usr_GetNumUsrsInCrssOfCtr (Rol_Role_t Role,long CtrCod)
 unsigned Usr_GetNumUsrsInCrssOfIns (Rol_Role_t Role,long InsCod)
  {
   char Query[512];
   /***** Get the number of users in courses of an institution from database ******/
   if (Role == Rol_UNK)	// Any user
-      sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+      DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 		     " FROM centres,degrees,courses,crs_usr"
 		     " WHERE centres.InsCod=%ld"
 		     " AND centres.CtrCod=degrees.CtrCod"
 		     " AND degrees.DegCod=courses.DegCod"
 		     " AND courses.CrsCod=crs_usr.CrsCod",
-	       InsCod);
+		     InsCod);
   else
      // This query is very slow.
      // It's a bad idea to get number of teachers or students for a big list of institutions
-      sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+      DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 		     " FROM centres,degrees,courses,crs_usr"
 		     " WHERE centres.InsCod=%ld"
 		     " AND centres.CtrCod=degrees.CtrCod"
 		     " AND degrees.DegCod=courses.DegCod"
 		     " AND courses.CrsCod=crs_usr.CrsCod"
 		     " AND crs_usr.Role=%u",
-	       InsCod,(unsigned) Role);
+		     InsCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in courses of an institution");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in courses of an institution");
  }
 /*****************************************************************************/
@ -4031,22 +3992,20 @@ unsigned Usr_GetNumUsrsInCrssOfIns (Rol_Role_t Role,long InsCod)
 unsigned Usr_GetNumUsrsInCrssOfCty (Rol_Role_t Role,long CtyCod)
  {
   char Query[512];
   /***** Get the number of users in courses of a country from database ******/
   if (Role == Rol_UNK)	// Any user
-      sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+      DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 		     " FROM institutions,centres,degrees,courses,crs_usr"
 		     " WHERE institutions.CtyCod=%ld"
 		     " AND institutions.InsCod=centres.InsCod"
 		     " AND centres.CtrCod=degrees.CtrCod"
 		     " AND degrees.DegCod=courses.DegCod"
 		     " AND courses.CrsCod=crs_usr.CrsCod",
-	       CtyCod);
+		     CtyCod);
   else
      // This query is very slow.
      // It's a bad idea to get number of teachers or students for a big list of countries
-      sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+      DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
 		     " FROM institutions,centres,degrees,courses,crs_usr"
 		     " WHERE institutions.CtyCod=%ld"
 		     " AND institutions.InsCod=centres.InsCod"
@ -4054,8 +4013,8 @@ unsigned Usr_GetNumUsrsInCrssOfCty (Rol_Role_t Role,long CtyCod)
 		     " AND degrees.DegCod=courses.DegCod"
 		     " AND courses.CrsCod=crs_usr.CrsCod"
 		     " AND crs_usr.Role=%u",
-	       CtyCod,(unsigned) Role);
+		     CtyCod,(unsigned) Role);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in courses of a country");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in courses of a country");
  }
 /*****************************************************************************/
@ -4125,18 +4084,16 @@ long Usr_GetRamdomStdFromGrp (long GrpCod)
 unsigned Usr_GetNumTchsCurrentInsInDepartment (long DptCod)
  {
   char Query[512];
   /***** Get the number of teachers
          from the current institution in a department *****/
-   sprintf (Query,"SELECT COUNT(DISTINCT usr_data.UsrCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT usr_data.UsrCod)"
 	          " FROM usr_data,crs_usr"
                  " WHERE usr_data.InsCod=%ld AND usr_data.DptCod=%ld"
                  " AND usr_data.UsrCod=crs_usr.UsrCod"
                  " AND crs_usr.Role IN (%u,%u)",
-            Gbl.CurrentIns.Ins.InsCod,DptCod,
+		  Gbl.CurrentIns.Ins.InsCod,DptCod,
-            (unsigned) Rol_NET,(unsigned) Rol_TCH);
+		  (unsigned) Rol_NET,(unsigned) Rol_TCH);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of teachers in a department");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of teachers in a department");
  }
 /*****************************************************************************/
@ -4145,12 +4102,9 @@ unsigned Usr_GetNumTchsCurrentInsInDepartment (long DptCod)
 unsigned Usr_GetNumUsrsWhoClaimToBelongToCty (long CtyCod)
  {
   char Query[128];
   /***** Get the number of users in a country from database *****/
-   sprintf (Query,"SELECT COUNT(UsrCod) FROM usr_data WHERE CtyCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(UsrCod) FROM usr_data WHERE CtyCod=%ld",CtyCod);
-            CtyCod);
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in a country");
   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in a country");
  }
 /*****************************************************************************/
@ -4159,12 +4113,9 @@ unsigned Usr_GetNumUsrsWhoClaimToBelongToCty (long CtyCod)
 unsigned Usr_GetNumUsrsWhoClaimToBelongToIns (long InsCod)
  {
   char Query[128];
   /***** Get the number of users in an institution from database *****/
-   sprintf (Query,"SELECT COUNT(UsrCod) FROM usr_data WHERE InsCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(UsrCod) FROM usr_data WHERE InsCod=%ld",InsCod);
-            InsCod);
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in an institution");
   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in an institution");
  }
 /*****************************************************************************/
@ -4173,12 +4124,9 @@ unsigned Usr_GetNumUsrsWhoClaimToBelongToIns (long InsCod)
 unsigned Usr_GetNumUsrsWhoClaimToBelongToCtr (long CtrCod)
  {
   char Query[128];
   /***** Get the number of users in a centre from database *****/
-   sprintf (Query,"SELECT COUNT(UsrCod) FROM usr_data WHERE CtrCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(UsrCod) FROM usr_data WHERE CtrCod=%ld",CtrCod);
-            CtrCod);
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of users in a centre");
   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of users in a centre");
  }
 /*****************************************************************************/
@ -4187,15 +4135,13 @@ unsigned Usr_GetNumUsrsWhoClaimToBelongToCtr (long CtrCod)
 unsigned Usr_GetNumberOfTeachersInCentre (long CtrCod)
  {
   char Query[512];
   /***** Get the number of teachers in a centre from database *****/
-   sprintf (Query,"SELECT COUNT(DISTINCT usr_data.UsrCod)"
+   DB_BuildQuery ("SELECT COUNT(DISTINCT usr_data.UsrCod)"
 	          " FROM usr_data,crs_usr"
                  " WHERE usr_data.CtrCod=%ld"
                  " AND usr_data.UsrCod=crs_usr.UsrCod AND crs_usr.Role=%u",
-            CtrCod,(unsigned) Rol_TCH);
+		  CtrCod,(unsigned) Rol_TCH);
-   return (unsigned) DB_QueryCOUNT (Query,"can not get the number of teachers in a centre");
+   return (unsigned) DB_QueryCOUNT_new ("can not get the number of teachers in a centre");
  }
 /*****************************************************************************/
@ -8386,15 +8332,12 @@ void Usr_ConstructPathUsr (long UsrCod,char PathUsr[PATH_MAX + 1])
 bool Usr_ChkIfUsrCodExists (long UsrCod)
  {
   char Query[128];
   if (UsrCod <= 0)	// Wrong user's code
      return false;
   /***** Get if a user exists in database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM usr_data WHERE UsrCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM usr_data WHERE UsrCod=%ld",UsrCod);
-	    UsrCod);
+   return (DB_QueryCOUNT_new ("can not check if a user exists") != 0);
   return (DB_QueryCOUNT (Query,"can not check if a user exists") != 0);
  }
 /*****************************************************************************/
@ -8435,11 +8378,9 @@ void Usr_ShowWarningNoUsersFound (Rol_Role_t Role)
 unsigned Usr_GetTotalNumberOfUsersInPlatform (void)
  {
   char Query[128];
   /***** Get number of users from database *****/
-   sprintf (Query,"SELECT COUNT(UsrCod) FROM usr_data");
+   DB_BuildQuery ("SELECT COUNT(UsrCod) FROM usr_data");
-   return (unsigned) DB_QueryCOUNT (Query,"can not get number of users");
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of users");
  }
 /*****************************************************************************/
@ -8452,7 +8393,6 @@ unsigned Usr_GetTotalNumberOfUsersInCourses (Sco_Scope_t Scope,unsigned Roles)
  {
   char UnsignedStr[10 + 1];
   char SubQueryRoles[Usr_MAX_BYTES_SUBQUERY_ROLES + 1];
   char Query[512 + Usr_MAX_BYTES_SUBQUERY_ROLES + 1];
   bool AnyUserInCourses;
   Rol_Role_t Role;
   Rol_Role_t FirstRoleRequested;
@ -8529,25 +8469,25 @@ unsigned Usr_GetTotalNumberOfUsersInCourses (Sco_Scope_t Scope,unsigned Roles)
     {
      case Sco_SCOPE_SYS:
         if (AnyUserInCourses)	// Any user
-            sprintf (Query,"SELECT COUNT(DISTINCT UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT UsrCod)"
        	           " FROM crs_usr");
         else
-            sprintf (Query,"SELECT COUNT(DISTINCT UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT UsrCod)"
        	           " FROM crs_usr WHERE Role%s",
-                     SubQueryRoles);
+			   SubQueryRoles);
         break;
      case Sco_SCOPE_CTY:
         if (AnyUserInCourses)	// Any user
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM institutions,centres,degrees,courses,crs_usr"
                           " WHERE institutions.CtyCod=%ld"
                           " AND institutions.InsCod=centres.InsCod"
                           " AND centres.CtrCod=degrees.CtrCod"
                           " AND degrees.DegCod=courses.DegCod"
                           " AND courses.CrsCod=crs_usr.CrsCod",
-                     Gbl.CurrentCty.Cty.CtyCod);
+			   Gbl.CurrentCty.Cty.CtyCod);
         else
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM institutions,centres,degrees,courses,crs_usr"
                           " WHERE institutions.CtyCod=%ld"
                           " AND institutions.InsCod=centres.InsCod"
@ -8555,76 +8495,76 @@ unsigned Usr_GetTotalNumberOfUsersInCourses (Sco_Scope_t Scope,unsigned Roles)
                           " AND degrees.DegCod=courses.DegCod"
                           " AND courses.CrsCod=crs_usr.CrsCod"
                           " AND crs_usr.Role%s",
-                     Gbl.CurrentCty.Cty.CtyCod,SubQueryRoles);
+			   Gbl.CurrentCty.Cty.CtyCod,SubQueryRoles);
         break;
      case Sco_SCOPE_INS:
         if (AnyUserInCourses)	// Any user
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM centres,degrees,courses,crs_usr"
                           " WHERE centres.InsCod=%ld"
                           " AND centres.CtrCod=degrees.CtrCod"
                           " AND degrees.DegCod=courses.DegCod"
                           " AND courses.CrsCod=crs_usr.CrsCod",
-                     Gbl.CurrentIns.Ins.InsCod);
+			   Gbl.CurrentIns.Ins.InsCod);
         else
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM centres,degrees,courses,crs_usr"
                           " WHERE centres.InsCod=%ld"
                           " AND centres.CtrCod=degrees.CtrCod"
                           " AND degrees.DegCod=courses.DegCod"
                           " AND courses.CrsCod=crs_usr.CrsCod"
                           " AND crs_usr.Role%s",
-                     Gbl.CurrentIns.Ins.InsCod,SubQueryRoles);
+			   Gbl.CurrentIns.Ins.InsCod,SubQueryRoles);
         break;
      case Sco_SCOPE_CTR:
         if (AnyUserInCourses)	// Any user
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM degrees,courses,crs_usr"
                           " WHERE degrees.CtrCod=%ld"
                           " AND degrees.DegCod=courses.DegCod"
                           " AND courses.CrsCod=crs_usr.CrsCod",
-                     Gbl.CurrentCtr.Ctr.CtrCod);
+			   Gbl.CurrentCtr.Ctr.CtrCod);
         else
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM degrees,courses,crs_usr"
                           " WHERE degrees.CtrCod=%ld"
                           " AND degrees.DegCod=courses.DegCod"
                           " AND courses.CrsCod=crs_usr.CrsCod"
                           " AND crs_usr.Role%s",
-                     Gbl.CurrentCtr.Ctr.CtrCod,SubQueryRoles);
+			   Gbl.CurrentCtr.Ctr.CtrCod,SubQueryRoles);
         break;
      case Sco_SCOPE_DEG:
         if (AnyUserInCourses)	// Any user
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
        	           " FROM courses,crs_usr"
                           " WHERE courses.DegCod=%ld"
                           " AND courses.CrsCod=crs_usr.CrsCod",
-                     Gbl.CurrentDeg.Deg.DegCod);
+			   Gbl.CurrentDeg.Deg.DegCod);
         else
-            sprintf (Query,"SELECT COUNT(DISTINCT crs_usr.UsrCod)"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT crs_usr.UsrCod)"
-        	            " FROM courses,crs_usr"
+        	           " FROM courses,crs_usr"
                           " WHERE courses.DegCod=%ld"
                           " AND courses.CrsCod=crs_usr.CrsCod"
                           " AND crs_usr.Role%s",
-                     Gbl.CurrentDeg.Deg.DegCod,SubQueryRoles);
+			   Gbl.CurrentDeg.Deg.DegCod,SubQueryRoles);
         break;
      case Sco_SCOPE_CRS:
         if (AnyUserInCourses)	// Any user
-            sprintf (Query,"SELECT COUNT(DISTINCT UsrCod) FROM crs_usr"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT UsrCod) FROM crs_usr"
                           " WHERE CrsCod=%ld",
-                     Gbl.CurrentCrs.Crs.CrsCod);
+			   Gbl.CurrentCrs.Crs.CrsCod);
         else
-            sprintf (Query,"SELECT COUNT(DISTINCT UsrCod) FROM crs_usr"
+            DB_BuildQuery ("SELECT COUNT(DISTINCT UsrCod) FROM crs_usr"
                           " WHERE CrsCod=%ld"
                           " AND Role%s",
-                     Gbl.CurrentCrs.Crs.CrsCod,SubQueryRoles);
+			   Gbl.CurrentCrs.Crs.CrsCod,SubQueryRoles);
         break;
      default:
 	 Lay_WrongScopeExit ();
 	 break;
     }
-   return (unsigned) DB_QueryCOUNT (Query,"can not get number of users");
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of users");
  }
 /*****************************************************************************/
@ -8633,12 +8573,10 @@ unsigned Usr_GetTotalNumberOfUsersInCourses (Sco_Scope_t Scope,unsigned Roles)
 unsigned Usr_GetNumUsrsNotBelongingToAnyCrs (void)
  {
   char Query[256];
   /***** Get number of users who are in table of users but not in table courses-users *****/
-   sprintf (Query,"SELECT COUNT(*) FROM usr_data WHERE UsrCod NOT IN"
+   DB_BuildQuery ("SELECT COUNT(*) FROM usr_data WHERE UsrCod NOT IN"
                  " (SELECT DISTINCT(UsrCod) FROM crs_usr)");
-   return (unsigned) DB_QueryCOUNT (Query,"can not get number of users who do not belong to any course");
+   return (unsigned) DB_QueryCOUNT_new ("can not get number of users who do not belong to any course");
  }
 /*****************************************************************************/
@ -8935,11 +8873,8 @@ float Usr_GetNumUsrsPerCrs (Rol_Role_t Role)
 bool Usr_CheckIfUsrBanned (long UsrCod)
  {
-   char Query[128];
+   DB_BuildQuery ("SELECT COUNT(*) FROM usr_banned WHERE UsrCod=%ld",UsrCod);
-
+   return (DB_QueryCOUNT_new ("can not check if user is banned") != 0);
   sprintf (Query,"SELECT COUNT(*) FROM usr_banned WHERE UsrCod=%ld",
 	    UsrCod);
   return (DB_QueryCOUNT (Query,"can not check if user is banned") != 0);
  }
 /*****************************************************************************/
--- a/swad_web_service.c
+++ b/swad_web_service.c
@ -327,7 +327,6 @@ static int Svc_CheckIdSession (const char *IdSession)
  {
   const char *Ptr;
   unsigned i;
   char Query[128 + Cns_BYTES_SESSION_ID];
   /***** Check if pointer is NULL *****/
   if (IdSession == NULL)
@ -358,9 +357,9 @@ static int Svc_CheckIdSession (const char *IdSession)
     }
   /***** Query if session identifier already exists in database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM sessions WHERE SessionId='%s'",
+   DB_BuildQuery ("SELECT COUNT(*) FROM sessions WHERE SessionId='%s'",
-            IdSession);
+                  IdSession);
-   if (DB_QueryCOUNT (Query,"can not get session data") != 1)
+   if (DB_QueryCOUNT_new ("can not get session data") != 1)
      return soap_receiver_fault (Gbl.soap,
 	                          "Bad session identifier",
 	                          "Session identifier does not exist in database");
@ -407,8 +406,6 @@ static int Svc_CheckWSKey (char WSKey[Svc_BYTES_WS_KEY + 1])
 static int Svc_CheckCourseAndGroupCodes (long CrsCod,long GrpCod)
  {
   char Query[512];
   /***** Check if course code is correct *****/
   if (CrsCod <= 0)
      return soap_sender_fault (Gbl.soap,
@ -416,9 +413,8 @@ static int Svc_CheckCourseAndGroupCodes (long CrsCod,long GrpCod)
 	                        "Course code must be a integer greater than 0");
   /***** Query if course code already exists in database *****/
-   sprintf (Query,"SELECT COUNT(*) FROM courses WHERE CrsCod=%ld",
+   DB_BuildQuery ("SELECT COUNT(*) FROM courses WHERE CrsCod=%ld",CrsCod);
-            CrsCod);
+   if (DB_QueryCOUNT_new ("can not get course") != 1)
   if (DB_QueryCOUNT (Query,"can not get course") != 1)
      return soap_sender_fault (Gbl.soap,
 	                        "Bad course code",
 	                        "Course code does not exist in database");
@ -427,10 +423,12 @@ static int Svc_CheckCourseAndGroupCodes (long CrsCod,long GrpCod)
   if (GrpCod > 0)	// <=0 means "the whole course"
     {
      /***** Query if group code already exists in database *****/
-      sprintf (Query,"SELECT COUNT(*) FROM crs_grp_types,crs_grp"
+      DB_BuildQuery ("SELECT COUNT(*) FROM crs_grp_types,crs_grp"
-                     " WHERE crs_grp_types.CrsCod=%ld AND crs_grp_types.GrpTypCod=crs_grp.GrpTypCod AND crs_grp.GrpCod=%ld",
+                     " WHERE crs_grp_types.CrsCod=%ld"
-               CrsCod,GrpCod);
+                     " AND crs_grp_types.GrpTypCod=crs_grp.GrpTypCod"
-      if (DB_QueryCOUNT (Query,"can not get group") != 1)
+                     " AND crs_grp.GrpCod=%ld",
 		     CrsCod,GrpCod);
      if (DB_QueryCOUNT_new ("can not get group") != 1)
         return soap_sender_fault (Gbl.soap,
                                   "Bad group code",
                                   "Group code does not exist in database or it's not a group of the specified course");
@ -741,8 +739,6 @@ static int Svc_CheckParamsNewAccount (char *NewNicknameWithArroba,	// Input
                                      char *NewPlainPassword,		// Input
                                      char *NewEncryptedPassword)	// Output
  {
   char Query[256 + Cns_MAX_CHARS_EMAIL_ADDRESS];
   /***** Step 1/3: Check new nickname *****/
   /* Make a copy without possible starting arrobas */
   Str_Copy (NewNicknameWithoutArroba,NewNicknameWithArroba,
@ -753,9 +749,9 @@ static int Svc_CheckParamsNewAccount (char *NewNicknameWithArroba,	// Input
      Str_RemoveLeadingArrobas (NewNicknameWithoutArroba);
      /***** Check if the new nickname matches any of the nicknames of other users *****/
-      sprintf (Query,"SELECT COUNT(*) FROM usr_nicknames WHERE Nickname='%s'",
+      DB_BuildQuery ("SELECT COUNT(*) FROM usr_nicknames WHERE Nickname='%s'",
-	       NewNicknameWithoutArroba);
+		     NewNicknameWithoutArroba);
-      if (DB_QueryCOUNT (Query,"can not check if nickname already existed"))        // A nickname of another user is the same that this nickname
+      if (DB_QueryCOUNT_new ("can not check if nickname already existed"))        // A nickname of another user is the same that this nickname
 	 return Svc_CHECK_NEW_ACCOUNT_NICKNAME_REGISTERED_BY_ANOTHER_USER;
     }
   else        // New nickname is not valid
@ -765,10 +761,10 @@ static int Svc_CheckParamsNewAccount (char *NewNicknameWithArroba,	// Input
   if (Mai_CheckIfEmailIsValid (NewEmail))	// New email is valid
     {
      /***** Check if the new email matches any of the confirmed emails of other users *****/
-      sprintf (Query,"SELECT COUNT(*) FROM usr_emails"
+      DB_BuildQuery ("SELECT COUNT(*) FROM usr_emails"
 		     " WHERE E_mail='%s' AND Confirmed='Y'",
-	       NewEmail);
+		     NewEmail);
-      if (DB_QueryCOUNT (Query,"can not check if email already existed"))	// An email of another user is the same that my email
+      if (DB_QueryCOUNT_new ("can not check if email already existed"))	// An email of another user is the same that my email
 	 return Svc_CHECK_NEW_ACCOUNT_EMAIL_REGISTERED_BY_ANOTHER_USER;
     }
   else	// New email is not valid
@ -3617,12 +3613,10 @@ static int Svc_GetTstConfig (long CrsCod)
 static int Svc_GetNumTestQuestionsInCrs (long CrsCod)
  {
   char Query[512];
   /***** Get number of questions *****/
   // Reject questions with any tag hidden
   // Select only questions with tags
-   sprintf (Query,"SELECT COUNT(*)"
+   DB_BuildQuery ("SELECT COUNT(*)"
 		  " FROM tst_questions,tst_question_tags,tst_tags"
 		  " WHERE tst_questions.CrsCod=%ld"
                  " AND tst_questions.QstCod NOT IN"
@ -3632,8 +3626,8 @@ static int Svc_GetNumTestQuestionsInCrs (long CrsCod)
 		  " AND tst_questions.QstCod=tst_question_tags.QstCod"
 		  " AND tst_question_tags.TagCod=tst_tags.TagCod"
 		  " AND tst_tags.CrsCod=%ld",
-            CrsCod,CrsCod,CrsCod);
+		  CrsCod,CrsCod,CrsCod);
-   return (int) DB_QueryCOUNT (Query,"can not get number of test questions");
+   return (int) DB_QueryCOUNT_new ("can not get number of test questions");
  }
 /*****************************************************************************/