From 9cf2a4b730829d47f3af51c5ec07fb6ae80aeb8b Mon Sep 17 00:00:00 2001
From: Andrew Moore
Date: Thu, 20 Mar 2008 17:32:10 -0500
Subject: [PATCH] bug 1953: using placeholders in C4::Acquisition::GetParcel
Signed-off-by: Galen Charlton
Signed-off-by: Joshua Ferraro
---
 C4/Acquisition.pm | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm
index e7547fd8a5..40badc9099 100644
--- a/C4/Acquisition.pm
+++ b/C4/Acquisition.pm
@@ -227,7 +227,6 @@ sub GetPendingOrders {
 $strsth .= " and (borrowers.branchcode = ? or borrowers.branchcode = '')";
 push @query_params, $userenv->{branch};
- }
 }
 $strsth .= " group by aqbasket.basketno" if $grouped;
@@ -844,20 +843,19 @@ sub GetParcel {
 AND aqorders.booksellerinvoicenumber LIKE \"$code\" AND aqorders.datereceived= \'$datereceived\'";
+ my @query_params = ( $supplierid );
 if ( C4::Context->preference("IndependantBranches") ) {
 my $userenv = C4::Context->userenv;
 if ( ($userenv) && ( $userenv->{flags} != 1 ) ) {
- $strsth .=
- " AND (borrowers.branchcode = '"
- . $userenv->{branch}
- . "' OR borrowers.branchcode ='')";
+ $strsth .= " and (borrowers.branchcode = ?
+ or borrowers.branchcode = '')";
+ push @query_params, $userenv->{branch};
 }
 }
 $strsth .= " ORDER BY aqbasket.basketno"; ### parcelinformation : $strsth
- # warn "STH : $strsth";
 my $sth = $dbh->prepare($strsth);
- $sth->execute($supplierid);
+ $sth->execute( @query_params );
 while ( my $data = $sth->fetchrow_hashref ) {
 push( @results, $data );
 }
-- 2.39.5
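Review bot: The context at the top of the GetParcel hunk still interpolates `$code` and `$datereceived` straight into the SQL string (`LIKE \"$code\"`, `datereceived= \'$datereceived\'`), so the statement stays open to SQL injection even though the branch code is now bound. Where those two values come from is not visible here, but if they are GetParcel arguments fed from a request they need the same treatment: `AND aqorders.booksellerinvoicenumber LIKE ?`, `AND aqorders.datereceived = ?`, and `my @query_params = ( $supplierid, $code, $datereceived );`. That order assumes the existing `?` for `$supplierid` precedes both in the query text, which starts outside the hunk along with the rest of GetParcel's body, so confirm it before binding.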