From 76b467c9005e9710b5bd872f6c0b0209e32812ba Mon Sep 17 00:00:00 2001
From: rangi <rangi>
Date: Wed, 30 Apr 2003 22:55:54 +0000
Subject: [PATCH] renewbook is used by renewscript.pl Making sure characters
 are escaped in the database insert

---
 C4/Circulation/Renewals2.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/C4/Circulation/Renewals2.pm b/C4/Circulation/Renewals2.pm
index be3393c445..702d50b77e 100755
--- a/C4/Circulation/Renewals2.pm
+++ b/C4/Circulation/Renewals2.pm
@@ -224,9 +224,10 @@ sub renewbook {
     my $account="Insert into accountlines
     (borrowernumber,accountno,date,amount,description,accounttype,amountoutstanding,itemnumber)
     values
-    ('$bornum','$accountno',now(),$charge,'Renewal of Rental Item $item->{'title'} $item->{'barcode'}','Rent',$charge,'$itemno')";
+    (?,?,now(),?,?,?,?,?)";
     $sth=$dbh->prepare($account);
-    $sth->execute;
+    $sth->execute($bornum,$accountno,$charge,"Renewal of Rental Item $item->{'title'} $item->{'barcode'}",
+    'Rent',$charge,$itemno)";
     $sth->finish;
 #     print $account;
   }
-- 
2.39.5