From f3258cc3118d3cc13a2ef7447dff87a7b4a12c04 Mon Sep 17 00:00:00 2001
From: Galen Charlton
Date: Tue, 1 Apr 2008 12:01:09 -0500
Subject: [PATCH] SQL cleanup in new circ scripts: use placeholders
Signed-off-by: Joshua Ferraro
---
 circ/billing.pl | 44 +++++++++++++++++++++++------------------
 circ/pendingreserves.pl | 35 +++++++++++++++++---------------
 circ/reserveratios.pl | 36 ++++++++++++++++++---------------
 3 files changed, 64 insertions(+), 51 deletions(-)
diff --git a/circ/billing.pl b/circ/billing.pl
index a1586a7144..764899cc86 100755
--- a/circ/billing.pl
+++ b/circ/billing.pl
@@ -87,26 +87,34 @@ if (!defined($max_bill) or $max_bill eq "") {
 my $dbh = C4::Context->dbh;
 my ($sqlorderby, $sqldatewhere, $presqldatewhere) = ("","","");
 $debug and warn format_date_in_iso($startdate) . "\n" . format_date_in_iso($enddate);
+my @query_params = ();
 # the dates below is to check for compliance of the current date range
-#$sqldatewhere .= " AND date >= " . $dbh->quote(format_date_in_iso($startdate)) if ($startdate) ;
-$sqldatewhere .= " AND date <= " . $dbh->quote(format_date_in_iso($enddate)) if ($enddate) ;
+if ($enddate) {
+ $sqldatewhere .= " AND date <= ?";
+ push @query_params, format_date_in_iso($enddate);
+}
+push @query_params, $max_bill;
 # the date below is to check for compliance of all fees prior
-$presqldatewhere .= " AND date < " . $dbh->quote(format_date_in_iso($startdate)) if ($startdate) ;
+if ($startdate) {
+ $presqldatewhere .= " AND date < ?";
+ push @query_params, format_date_in_iso($startdate);
+}
+push @query_params, $max_bill;
 if ($order eq "patron") {
- $sqlorderby = " order by surname, firstname ";
+ $sqlorderby = " ORDER BY surname, firstname ";
 } elsif ($order eq "fee") {
- $sqlorderby = " order by l_amountoutstanding DESC ";
+ $sqlorderby = " ORDER BY l_amountoutstanding DESC ";
 } elsif ($order eq "desc") {
- $sqlorderby = " order by l_description ";
+ $sqlorderby = " ORDER BY l_description ";
 } elsif ($order eq "type") {
- $sqlorderby = " order by l_accounttype ";
+ $sqlorderby = " ORDER BY l_accounttype ";
 } elsif ($order eq "date") {
- $sqlorderby = " order by l_date DESC ";
+ $sqlorderby = " ORDER BY l_date DESC ";
 } elsif ($order eq "total") {
- $sqlorderby = " order by sum_amount DESC ";
+ $sqlorderby = " ORDER BY sum_amount DESC ";
 } else {
- $sqlorderby = " order by surname, firstname ";
+ $sqlorderby = " ORDER BY surname, firstname ";
 }
 my $strsth = "SELECT 
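Review bot: `$max_bill` is now bound three times as the `HAVING sum(amountoutstanding) >= ?` threshold, but the only guard visible is the hunk header's `if (!defined($max_bill) or $max_bill eq "") {` (its body lies outside the hunk), so a non-numeric request value is no longer a syntax problem yet still reaches the comparison; presumably the database coerces it, and the report would then silently return an unintended set of patrons. Where that guard assigns its default, also reject anything that fails `Scalar::Util::looks_like_number($max_bill)`. The two `push @query_params, $max_bill;` lines interleaved with the date clauses only work because they mirror the `?` order of the SQL assembled in the second hunk of this file; a comment at `my @query_params = ();` such as `# order must match the '?' order in $strsth below: [enddate], max_bill, [startdate], max_bill, [branch], max_bill` would make that coupling visible to the next editor.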
@@ -135,27 +143,25 @@ my $strsth = 
 IN (SELECT borrowernumber FROM accountlines where borrowernumber >= 0 $sqldatewhere
- GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= $max_bill )
+ GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= ? )
 AND accountlines.borrowernumber NOT IN (SELECT borrowernumber FROM accountlines where borrowernumber >= 0 $presqldatewhere
- GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= $max_bill )
+ GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= ? )
 ";
 if (C4::Context->preference('IndependantBranches')){
 $strsth .= " AND borrowers.branchcode=? ";
+ push @query_params, C4::Context->userenv->{'branch'};
 }
-$strsth .= " GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= $max_bill " . $sqlorderby;
+$strsth .= " GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= ? " . $sqlorderby;
+push @query_params, $max_bill;
+
 my $sth = $dbh->prepare($strsth);
+$sth->execute(@query_params);
-if (C4::Context->preference('IndependantBranches')){
- $sth->execute(C4::Context->userenv->{'branch'});
-}
-else {
- $sth->execute();
-}
 my @billingdata;
 my $previous;
 my $this;
diff --git a/circ/pendingreserves.pl b/circ/pendingreserves.pl
index b9fa6d90ce..f8ac860edf 100755
--- a/circ/pendingreserves.pl
+++ b/circ/pendingreserves.pl
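Review bot: `$sth->execute(@query_params);` discards DBI's return value, so a placeholder/parameter count mismatch or a database error goes unnoticed unless the handle from `C4::Context->dbh` is created with `RaiseError` (not visible here); if it is not, `$sth->execute(@query_params) or die $sth->errstr;` is the minimum, and the same applies to the `execute` lines in the second hunks of pendingreserves.pl and reserveratios.pl. `$sqldatewhere`, `$presqldatewhere` and `$sqlorderby` are still interpolated into `$strsth`; that is safe only because each now carries fixed text with `?` markers or a whitelisted `ORDER BY`, which deserves a comment where `$strsth` is built, e.g. `# fragments below hold only literal SQL and '?' markers; all values travel in @query_params`. If `C4::Context->userenv` can return undef in this script, `C4::Context->userenv->{'branch'}` dies before the query runs, as the removed code also did.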
@@ -87,24 +87,30 @@ if (!defined($enddate) or $enddate eq "") {
 my $dbh = C4::Context->dbh;
 my ($sqlorderby, $sqldatewhere) = ("","");
 $debug and warn format_date_in_iso($startdate) . "\n" . format_date_in_iso($enddate);
-$sqldatewhere .= " AND reservedate >= " . $dbh->quote(format_date_in_iso($startdate)) if ($startdate) ;
-$sqldatewhere .= " AND reservedate <= " . $dbh->quote(format_date_in_iso($enddate)) if ($enddate) ;
-
+my @query_params = ();
+if ($startdate) {
+ $sqldatewhere .= " AND reservedate >= ?";
+ push @query_params, format_date_in_iso($startdate);
+}
+if ($enddate) {
+ $sqldatewhere .= " AND reservedate <= ?";
+ push @query_params, format_date_in_iso($enddate);
+}
 if ($order eq "biblio") {
- $sqlorderby = " order by biblio.title ";
+ $sqlorderby = " ORDER BY biblio.title ";
 } elsif ($order eq "itype") {
- $sqlorderby = " order by l_itype, location, l_itemcallnumber ";
+ $sqlorderby = " ORDER BY l_itype, location, l_itemcallnumber ";
 } elsif ($order eq "location") {
- $sqlorderby = " order by location, l_itemcallnumber, holdingbranch ";
+ $sqlorderby = " ORDER BY location, l_itemcallnumber, holdingbranch ";
 } elsif ($order eq "date") {
- $sqlorderby = " order by l_reservedate, location, l_itemcallnumber ";
+ $sqlorderby = " ORDER BY l_reservedate, location, l_itemcallnumber ";
 } elsif ($order eq "library") {
- $sqlorderby = " order by holdingbranch, l_itemcallnumber, location ";
+ $sqlorderby = " ORDER BY holdingbranch, l_itemcallnumber, location ";
 } elsif ($order eq "call") {
- $sqlorderby = " order by l_itemcallnumber, holdingbranch, location ";
+ $sqlorderby = " ORDER BY l_itemcallnumber, holdingbranch, location ";
 } else {
- $sqlorderby = " order by biblio.title ";
+ $sqlorderby = " ORDER BY biblio.title ";
 }
 my $strsth = "SELECT min(reservedate) as l_reservedate, 
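Review bot: The date-range block added here (`my @query_params = ();` through the two `if`/`push` clauses) is repeated verbatim in the first hunk of reserveratios.pl and in near-identical form in billing.pl, so the placeholder text and the parameter order must be kept in sync by hand across three scripts. A small shared helper that returns the WHERE fragment and its bound values for a column name would remove that; as a sketch, `my ($sqldatewhere, @query_params) = date_range_clause('reservedate', $startdate, $enddate);`. `format_date_in_iso` is also called twice per date, once in the `$debug` warn and once for the push; converting each date once into a named variable would make the value actually bound easier to inspect.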
@@ -152,16 +158,13 @@ AND notforloan = 0 AND damaged = 0 AND itemlost = 0 AND wthdrawn = 0
 if (C4::Context->preference('IndependantBranches')){
 $strsth .= " AND items.holdingbranch=? ";
+ push @query_params, C4::Context->userenv->{'branch'};
 }
 $strsth .= " GROUP BY reserves.biblionumber " . $sqlorderby;
+
 my $sth = $dbh->prepare($strsth);
+$sth->execute(@query_params);
-if (C4::Context->preference('IndependantBranches')){
- $sth->execute(C4::Context->userenv->{'branch'});
-}
-else {
- $sth->execute();
-}
 my @reservedata;
 my $previous;
 my $this;
diff --git a/circ/reserveratios.pl b/circ/reserveratios.pl
index 8523a1e7fa..60f01bb006 100755
--- a/circ/reserveratios.pl
+++ b/circ/reserveratios.pl
@@ -87,25 +87,32 @@ if ($ratio == 0) {
 my $dbh = C4::Context->dbh;
 my ($sqlorderby, $sqldatewhere) = ("","");
 $debug and warn format_date_in_iso($startdate) . "\n" . format_date_in_iso($enddate);
-$sqldatewhere .= " AND reservedate >= " . $dbh->quote(format_date_in_iso($startdate)) if ($startdate) ;
-$sqldatewhere .= " AND reservedate <= " . $dbh->quote(format_date_in_iso($enddate)) if ($enddate) ;
+my @query_params = ();
+if ($startdate) {
+ $sqldatewhere .= " AND reservedate >= ?";
+ push @query_params, format_date_in_iso($startdate);
+}
+if ($enddate) {
+ $sqldatewhere .= " AND reservedate <= ?";
+ push @query_params, format_date_in_iso($enddate);
+}
 if ($order eq "biblio") {
- $sqlorderby = " order by biblio.title, holdingbranch, listcall, l_location ";
+ $sqlorderby = " ORDER BY biblio.title, holdingbranch, listcall, l_location ";
 } elsif ($order eq "callnumber") {
- $sqlorderby = " order by listcall, holdingbranch, l_location ";
+ $sqlorderby = " ORDER BY listcall, holdingbranch, l_location ";
 } elsif ($order eq "itemcount") {
- $sqlorderby = " order by itemcount, reservecount ";
+ $sqlorderby = " ORDER BY itemcount, reservecount ";
 } elsif ($order eq "itype") {
- $sqlorderby = " order by l_itype, holdingbranch, listcall ";
+ $sqlorderby = " ORDER BY l_itype, holdingbranch, listcall ";
 } elsif ($order eq "location") {
- $sqlorderby = " order by l_location, holdingbranch, listcall ";
+ $sqlorderby = " ORDER BY l_location, holdingbranch, listcall ";
 } elsif ($order eq "reservecount") {
- $sqlorderby = " order by reservecount DESC ";
+ $sqlorderby = " ORDER BY reservecount DESC ";
 } elsif ($order eq "branch") {
- $sqlorderby = " order by holdingbranch, l_location, listcall ";
+ $sqlorderby = " ORDER BY holdingbranch, l_location, listcall ";
 } else {
- $sqlorderby = " order by reservecount DESC ";
+ $sqlorderby = " ORDER BY reservecount DESC ";
 }
 my $strsth = "SELECT reservedate, 
@@ -140,16 +147,13 @@ notforloan = 0 AND damaged = 0 AND itemlost = 0 AND wthdrawn = 0
 if (C4::Context->preference('IndependantBranches')){
 $strsth .= " AND items.holdingbranch=? ";
+ push @query_params, C4::Context->userenv->{'branch'};
 }
+
 $strsth .= " GROUP BY reserves.biblionumber " . $sqlorderby;
 my $sth = $dbh->prepare($strsth);
+$sth->execute(@query_params);
-if (C4::Context->preference('IndependantBranches')){
- $sth->execute(C4::Context->userenv->{'branch'});
-}
-else {
- $sth->execute();
-}
 my @reservedata;
 while ( my $data = $sth->fetchrow_hashref ) {
 my @itemlist;
-- 2.39.5