Use placeholders in sql

Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Frère Sébastien Marie 2011-02-27 13:56:43 +01:00 committed by Chris Cormack
parent 74cdd57ecb
commit 55af15be84


@ -188,9 +188,10 @@ if ($op eq 'add_form') {
# called by delete_confirm, used to effectively confirm deletion of data in DB
} elsif ($op eq 'delete_confirmed') {
unless (C4::Context->config('demo') eq 1) {
$dbh->do("delete from auth_tag_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
$dbh->do("delete from auth_subfield_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
# FIXME: Secuity vulnerability -- use placeholders, prepare and execute!
my $sth = $dbh->prepare("delete from auth_tag_structure where tagfield=? and authtypecode=?");
$sth->execute($searchfield,$authtypecode);
my $sth = $dbh->prepare("delete from auth_subfield_structure where tagfield=? and authtypecode=?");
$sth->execute($searchfield,$authtypecode);
}
print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=auth_tag_structure.pl?searchfield=".$input->param('tagfield')."&authtypecode=$authtypecode\">";
exit;
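Review bot: The second `my $sth` on the auth_subfield_structure prepare redeclares a lexical already declared two lines up in the same block, which emits a "my" variable masks earlier declaration warning under `use warnings`; either drop the `my` on the second line, `$sth = $dbh->prepare("delete from auth_subfield_structure where tagfield=? and authtypecode=?");`, or give the two handles distinct names such as `$sth_tag` and `$sth_subfield`. Neither prepare nor execute checks its return value, so unless `$dbh` was created with RaiseError (not visible in this hunk) a failed delete is silently ignored; `$sth->execute($searchfield,$authtypecode) or die $dbh->errstr;` would surface it. The unchanged Refresh line below still interpolates `$input->param('tagfield')` and `$authtypecode` straight into an HTML header and URL without encoding, which is worth a follow-up with URI-escaping since the same values are now treated as untrusted in the SQL. The enclosing `if/elsif` chain starts before this hunk and closes after it.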