From a610782e6c6ac5cab0ae5b0b1b781808119c1842 Mon Sep 17 00:00:00 2001
From: Andrew Moore <andrew.moore@liblime.com>
Date: Thu, 20 Mar 2008 17:32:11 -0500
Subject: [PATCH] bug 1953: using placeholders in C4::Acquisition::GetParcel

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
---
 C4/Acquisition.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm
index 40badc9099..78382d259a 100644
--- a/C4/Acquisition.pm
+++ b/C4/Acquisition.pm
@@ -839,11 +839,11 @@ sub GetParcel {
         LEFT JOIN aqbasket ON aqbasket.basketno=aqorders.basketno
         LEFT JOIN borrowers ON aqbasket.authorisedby=borrowers.borrowernumber
         WHERE 
-            aqbasket.booksellerid=?
-            AND aqorders.booksellerinvoicenumber LIKE  \"$code\"
-            AND aqorders.datereceived= \'$datereceived\'";
+            aqbasket.booksellerid = ?
+            AND aqorders.booksellerinvoicenumber LIKE ?
+            AND aqorders.datereceived = ? ";
 
-    my @query_params = ( $supplierid );
+    my @query_params = ( $supplierid, $code, $datereceived );
     if ( C4::Context->preference("IndependantBranches") ) {
         my $userenv = C4::Context->userenv;
         if ( ($userenv) && ( $userenv->{flags} != 1 ) ) {
-- 
2.39.2