From 13739fb5e32813c0ff4b69d9573b9b75c7338d2c Mon Sep 17 00:00:00 2001 From: acli Date: Sun, 9 Feb 2003 06:39:07 +0000 Subject: [PATCH] Use ? for variables in all SQL statements --- admin/branches.pl | 53 ++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/admin/branches.pl b/admin/branches.pl index edbadb3312..17fdd56d8f 100755 --- a/admin/branches.pl +++ b/admin/branches.pl @@ -2,7 +2,7 @@ # NOTE: Use standard 8-space tabs for this file (indents are 4 spaces) #require '/u/acli/lib/cvs.pl';#DEBUG -open(DEBUG,'>/tmp/koha.debug'); +#open(DEBUG,'>/tmp/koha.debug'); # FIXME: individual fields in branch address need to be exported to templates, # in order to fix bug 180; need to notify translators @@ -14,6 +14,9 @@ open(DEBUG,'>/tmp/koha.debug'); # FIXME: there are too many TMPL_IF's; the proper way to do it is to have # separate templates for each individual action; need to notify # translators +# FIXME: there are lots of error messages exported to the template; a lot +# of these should be converted into exported booleans / counters etc +# so that the error messages can be localized; need to notify translators # Finlay working on this file from 26-03-2002 # Reorganising this branches admin page..... @@ -168,7 +171,7 @@ sub editbranchform { # FIXME: this way of doing it is wrong (bug 130) my $catinfo = getcategoryinfo(); my $catcheckbox; - print DEBUG "catinfo=".cvs($catinfo)."\n"; +# print DEBUG "catinfo=".cvs($catinfo)."\n"; foreach my $cat (@$catinfo) { my $checked = ""; my $tmp = $cat->{'categorycode'}; @@ -202,6 +205,7 @@ sub branchinfotable { my @loop_data =(); foreach my $branch (@$branchinfo) { ($color eq $linecolor1) ? ($color=$linecolor2) : ($color=$linecolor1); + # FIXME. The $address should not be pre-composed (bug 180) my $address = ''; $address .= $branch->{'branchaddress1'} if ($branch->{'branchaddress1'}); $address .= '
'.$branch->{'branchaddress2'} if ($branch->{'branchaddress2'}); @@ -271,21 +275,20 @@ sub getbranchinfo { my ($branchcode) = @_; my $dbh = C4::Context->dbh; - my $query; + my ($query, @query_args); if ($branchcode) { - my $bc = $dbh->quote($branchcode); - $query = "Select * from branches where branchcode = $bc"; + $query = "Select * from branches where branchcode = ?"; + @query_args = ($branchcode); } else { $query = "Select * from branches"; } my $sth = $dbh->prepare($query); - $sth->execute; + $sth->execute(@query_args); my @results; while (my $data = $sth->fetchrow_hashref) { - my $tmp = $data->{'branchcode'}; my $brc = $dbh->quote($tmp); - $query = "select categorycode from branchrelations where branchcode = $brc"; + $query = "select categorycode from branchrelations where branchcode = ?"; my $nsth = $dbh->prepare($query); - $nsth->execute; + $nsth->execute($data->{'branchcode'});; my @cats = (); while (my ($cat) = $nsth->fetchrow_array) { push(@cats, $cat); @@ -303,26 +306,27 @@ sub getcategoryinfo { # returns a reference to an array of hashes containing branches, my ($catcode) = @_; my $dbh = C4::Context->dbh; - my $query; - print DEBUG "getcategoryinfo: entry: catcode=".cvs($catcode)."\n"; + my ($query, @query_args); +# print DEBUG "getcategoryinfo: entry: catcode=".cvs($catcode)."\n"; if ($catcode) { - my $cc = $dbh->quote($catcode); - $query = "select * from branchcategories where categorycode = $cc"; + $query = "select * from branchcategories where categorycode = ?"; + @query_args = ($catcode); } else { $query = "Select * from branchcategories"; } - print DEBUG "getcategoryinfo: query=".cvs($query)."\n"; +# print DEBUG "getcategoryinfo: query=".cvs($query)."\n"; my $sth = $dbh->prepare($query); - $sth->execute; + $sth->execute(@query_args); my @results; while (my $data = $sth->fetchrow_hashref) { push(@results, $data); } $sth->finish; - print DEBUG "getcategoryinfo: exit: returning ".cvs(\@results)."\n"; +# print DEBUG "getcategoryinfo: exit: returning ".cvs(\@results)."\n"; return \@results; } +# FIXME This doesn't belong here; it should be moved into a module sub setbranchinfo { # sets the data from the editbranch form, and writes to the database... my ($data) = @_; @@ -368,15 +372,15 @@ sub setbranchinfo { # FIXME - There's already a $dbh in this scope. my $dbh = C4::Context->dbh; foreach my $cat (@addcats) { - my $query = "insert into branchrelations (branchcode, categorycode) values('$branchcode', '$cat')"; + my $query = "insert into branchrelations (branchcode, categorycode) values(?, ?)"; my $sth = $dbh->prepare($query); - $sth->execute; + $sth->execute($branchcode, $cat); $sth->finish; } foreach my $cat (@removecats) { - my $query = "delete from branchrelations where branchcode='$branchcode' and categorycode='$cat'"; + my $query = "delete from branchrelations where branchcode=? and categorycode=?"; my $sth = $dbh->prepare($query); - $sth->execute; + $sth->execute($branchcode, $cat); $sth->finish; } } @@ -384,10 +388,10 @@ sub setbranchinfo { sub deletebranch { # delete branch... my ($branchcode) = @_; - my $query = "delete from branches where branchcode = '$branchcode'"; + my $query = "delete from branches where branchcode = ?"; my $dbh = C4::Context->dbh; my $sth=$dbh->prepare($query); - $sth->execute; + $sth->execute($branchcode); $sth->finish; } @@ -395,12 +399,13 @@ sub checkdatabasefor { # check to see if the branchcode is being used in the database somewhere.... my ($branchcode) = @_; my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select count(*) from items where holdingbranch='$branchcode' or homebranch='$branchcode'"); - $sth->execute; + my $sth=$dbh->prepare("select count(*) from items where holdingbranch=? or homebranch=?"); + $sth->execute($branchcode, $branchcode); my ($total) = $sth->fetchrow_array; $sth->finish; my $message; if ($total) { + # FIXME: need to be replaced by an exported boolean parameter $message = "Branch cannot be deleted because there are $total items using that branch."; } return $message; -- 2.39.5