From 496c07ede0a672379a54a90d7f56b6d088a14d5a Mon Sep 17 00:00:00 2001
From: tipaul <tipaul>
Date: Fri, 28 Nov 2003 09:48:33 +0000
Subject: [PATCH] bugfix : misusing prepare & execute => now using prepare(?)
 and execute($var)

---
 C4/Biblio.pm | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/C4/Biblio.pm b/C4/Biblio.pm
index 5b56cfe233..eafaaa444a 100644
--- a/C4/Biblio.pm
+++ b/C4/Biblio.pm
@@ -1265,26 +1265,26 @@ sub OLDmodsubject {
 	for (my $i = 0; $i < $count; $i++) {
 		$subject[$i] =~ s/^ //g;
 		$subject[$i] =~ s/ $//g;
-		my $query = "select * from catalogueentry where entrytype = 's' and catalogueentry = '$subject[$i]'";
+		my $query = "select * from catalogueentry where entrytype = 's' and catalogueentry = ?";
 		my $sth   = $dbh->prepare($query);
-		$sth->execute;
+		$sth->execute($subject[$i]);
 
 		if (my $data = $sth->fetchrow_hashref) {
 		} else {
 			if ($force eq $subject[$i] || $force == 1) {
 				# subject not in aut, chosen to force anway
 				# so insert into cataloguentry so its in auth file
-				$query = "Insert into catalogueentry (entrytype,catalogueentry) values ('s','$subject[$i]')";
+				$query = "Insert into catalogueentry (entrytype,catalogueentry) values ('s',?)";
 				my $sth2 = $dbh->prepare($query);
 
-				$sth2->execute;
+				$sth2->execute($subject[$i]);
 				$sth2->finish;
 			} else {
 				$error = "$subject[$i]\n does not exist in the subject authority file";
-				$query = "Select * from catalogueentry where entrytype = 's' and (catalogueentry like '$subject[$i] %'
-									or catalogueentry like '% $subject[$i] %' or catalogueentry like '% $subject[$i]')";
+				$query = "Select * from catalogueentry where entrytype = 's' and (catalogueentry like ?
+									or catalogueentry like ? or catalogueentry like ?)";
 				my $sth2 = $dbh->prepare($query);
-				$sth2->execute;
+				$sth2->execute("$subject[$i] %","% $subject[$i] %","% $subject[$i]");
 				while (my $data = $sth2->fetchrow_hashref) {
 					$error .= "<br>$data->{'catalogueentry'}";
 				} # while
@@ -1294,9 +1294,9 @@ sub OLDmodsubject {
 		$sth->finish;
 	} # else
 	if ($error eq '') {
-		my $query = "Delete from bibliosubject where biblionumber = $bibnum";
+		my $query = "Delete from bibliosubject where biblionumber = ?";
 		my $sth   = $dbh->prepare($query);
-		$sth->execute;
+		$sth->execute($bibnum);
 		$sth->finish;
 		$sth = $dbh->prepare("Insert into bibliosubject values (?,?)");
 		foreach $query (@subject) {
@@ -2217,6 +2217,9 @@ Paul POULAIN paul.poulain@free.fr
 
 # $Id$
 # $Log$
+# Revision 1.74  2003/11/28 09:48:33  tipaul
+# bugfix : misusing prepare & execute => now using prepare(?) and execute($var)
+#
 # Revision 1.73  2003/11/28 09:45:25  tipaul
 # bugfix for iso2709 file import in the "notforloan" field.
 #
-- 
2.20.1