bug 5086: fix setting claim date
Also removed a locus for SQL injection. Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
This commit is contained in:
parent
40d9995822
commit
27bb768cad
1 changed files with 3 additions and 3 deletions
|
@ -287,10 +287,10 @@ sub UpdateClaimdateIssues {
|
|||
my $dbh = C4::Context->dbh;
|
||||
$date = strftime( "%Y-%m-%d", localtime ) unless ($date);
|
||||
my $query = "
|
||||
UPDATE serial SET claimdate=$date,status=7
|
||||
WHERE serialid in (" . join( ",", @$serialids ) . ")";
|
||||
UPDATE serial SET claimdate = ?, status = 7
|
||||
WHERE serialid in (" . join( ",", map { '?' } @$serialids ) . ")";
|
||||
my $rq = $dbh->prepare($query);
|
||||
$rq->execute;
|
||||
$rq->execute($date, @$serialids);
|
||||
return $rq->rows;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue