From f8bde9b03443714343c58e36f28a3a8aac7eedad Mon Sep 17 00:00:00 2001
From: tipaul
Date: Mon, 22 Dec 2003 19:16:58 +0000
Subject: [PATCH] sync'ing with rel_2_0 (mostly prepare/execute pb, bug #662)
---
C4/Maintainance.pm | 1 - C4/Reserves.pm | 71 +++++++++++++++++--------------------- acqui.simple/addbiblio.pl | 3 +- acqui/acquire.pl | 3 +- acqui/newbiblio.pl | 3 +- admin/aqbudget.pl | 27 ++++++--------- admin/authorised_values.pl | 19 +++++----- admin/checkmarc.pl | 4 +-- admin/systempreferences.pl | 35 +++++++------------ admin/thesaurus.pl | 10 +++--- misc/Install.pm | 2 +- misc/bulkmarcimport.pl | 6 ++-- misc/fines2.pl | 23 +++++------- 13 files changed, 85 insertions(+), 122 deletions(-)
diff --git a/C4/Maintainance.pm b/C4/Maintainance.pm
index b87457746b..072cfc1c6c 100644
--- a/C4/Maintainance.pm
+++ b/C4/Maintainance.pm
@@ -135,7 +135,6 @@ sub shiftgroup{
 my $sth=$dbh->prepare("update biblioitems set biblionumber=? where biblioitemnumber=?");
 $sth->execute($bib,$bi);
 $sth->finish;
- $query="";
 $sth=$dbh->prepare("update items set biblionumber=? where biblioitemnumber=?");
 $sth->execute($bib,$bi);
 $sth->finish;
diff --git a/C4/Reserves.pm b/C4/Reserves.pm
index c6a39c431b..3632640dea 100755
--- a/C4/Reserves.pm
+++ b/C4/Reserves.pm
@@ -28,8 +28,8 @@ use C4::Context;
 use C4::Format;
 use C4::Accounts;
 use C4::Stats;
-use C4::InterfaceCDK;
-use C4::Interface::ReserveentCDK;
+#use C4::InterfaceCDK;
+#use C4::Interface::ReserveentCDK;
 use C4::Circulation::Main;
 use C4::Circulation::Borrower;
 use C4::Search;
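Review bot: The two CDK `use` lines in the Reserves.pm hunk are commented out rather than deleted, which leaves dead code in the module preamble; version control already keeps the history, so `#use C4::InterfaceCDK;` and `#use C4::Interface::ReserveentCDK;` can simply be dropped. If they are meant to come back, a one-line comment saying why they are disabled, e.g. `# CDK interface modules disabled: <reason to be stated by the author>`, tells the next reader more than the bare commented-out imports. The Maintainance.pm hunk on this line needs no change.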
@@ -116,14 +116,13 @@ sub EnterReserves{ my @items = GetItems($env,$biblionumber); my $cnt_it = @items; my $dbh = C4::Context->dbh; - my $query = "Select * from biblio where biblionumber = $biblionumber"; - my $sth = $dbh->prepare($query); - $sth->execute; + my $query = ""; + my $sth = $dbh->prepare("Select * from biblio where biblionumber = ?"); + $sth->execute($biblionumber); my $data=$sth->fetchrow_hashref; $sth->finish; my @branches; - my $query = "select * from branches where issuing=1 order by branchname"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("select * from branches where issuing=1 order by branchname"); $sth->execute; while (my $branchrec=$sth->fetchrow_hashref) { my $branchdet = @@ -164,11 +163,10 @@ sub CalcReserveFee { #check for issues; my $dbh = C4::Context->dbh; my $const = lc substr($constraint,0,1); - my $query = "select * from borrowers,categories - where (borrowernumber = '$borrnum') - and (borrowers.categorycode = categories.categorycode)"; - my $sth = $dbh->prepare($query); - $sth->execute; + my $sth = $dbh->prepare("select * from borrowers,categories + where (borrowernumber = ?) + and (borrowers.categorycode = categories.categorycode)"); + $sth->execute($borrnum); my $data = $sth->fetchrow_hashref; $sth->finish(); my $fee = $data->{'reservefee'}; @@ -177,11 +175,10 @@ sub CalcReserveFee { # check for items on issue # first find biblioitem records my @biblioitems; - my $query1 = "select * from biblio,biblioitems - where (biblio.biblionumber = '$biblionumber') - and (biblio.biblionumber = biblioitems.biblionumber)"; - my $sth1 = $dbh->prepare($query1); - $sth1->execute(); + my $sth1 = $dbh->prepare("select * from biblio,biblioitems + where (biblio.biblionumber = ?) + and (biblio.biblionumber = biblioitems.biblionumber)"); + $sth1->execute($biblionumber); while (my $data1=$sth1->fetchrow_hashref) { if ($const eq "a") { push @biblioitems,$data1; 
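Review bot: In the EnterReserves hunk the new side adds `my $query = "";`, which nothing reads any more, and then declares `my $sth` a second time in the same scope for the branches query, which `use warnings` reports as a masked declaration. Drop the `$query` line and reuse the existing handle: `$sth=$dbh->prepare("select * from branches where issuing=1 order by branchname");`. The two CalcReserveFee hunks on this line are fine as converted. Both `EnterReserves` and `CalcReserveFee` start or end outside these hunks.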
@@ -205,24 +202,21 @@ sub CalcReserveFee { my $allissued = 1; while ($x < $cntitemsfound) { my $bitdata = @biblioitems[$x]; - my $query2 = "select * from items - where biblioitemnumber = '$bitdata->{'biblioitemnumber'}'"; - my $sth2 = $dbh->prepare($query2); - $sth2->execute; + my $sth2 = $dbh->prepare("select * from items + where biblioitemnumber = ?"); + $sth2->execute($bitdata->{'biblioitemnumber'}); while (my $itdata=$sth2->fetchrow_hashref) { - my $query3 = "select * from issues - where itemnumber = '$itdata->{'itemnumber'}' and returndate is null"; - my $sth3 = $dbh->prepare($query3); - $sth3->execute(); + my $sth3 = $dbh->prepare("select * from issues + where itemnumber = ? and returndate is null"); + $sth3->execute($itdata->{'itemnumber'}); if (my $isdata=$sth3->fetchrow_hashref) { } else {$allissued = 0; } } $x++; } if ($allissued == 0) { - my $rquery = "select * from reserves - where biblionumber = '$biblionumber'"; - my $rsth = $dbh->prepare($rquery); - $rsth->execute(); + my $rsth = $dbh->prepare("select * from reserves + where biblionumber = ?"); + $rsth->execute($biblionumber); if (my $rdata = $rsth->fetchrow_hashref) { } else { $fee = 0; } 
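Review bot: In CalcReserveFee the now-parameterised `items` and `issues` selects are still prepared on every pass through the `while` loops, which gives up the main benefit of switching to placeholders. Prepare `$sth2` and `$sth3` once before `while ($x < $cntitemsfound)` and only call `$sth2->execute($bitdata->{'biblioitemnumber'})` and `$sth3->execute($itdata->{'itemnumber'})` inside the loops. Each of `$sth2`, `$sth3` and `$rsth` is also abandoned after reading at most one row without a `finish`, which is worth adding while the statement handles are being reworked. The function starts and ends outside this hunk.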
@@ -245,26 +239,23 @@ sub CreateReserve { # updates take place here if ($fee > 0) { my $nextacctno = &getnextacctno($env,$borrnum,$dbh); - my $updquery = "insert into accountlines + my $usth = $dbh->prepare("insert into accountlines (borrowernumber,accountno,date,amount,description,accounttype,amountoutstanding) - values ($borrnum,$nextacctno,now(),$fee,'Reserve Charge','Res',$fee)"; - my $usth = $dbh->prepare($updquery); - $usth->execute; + values (?,?,now(),?,'Reserve Charge','Res',?)"); + $usth->execute($borrnum,$nextacctno,$fee,$fee); $usth->finish; } - my $query="insert into reserves (borrowernumber,biblionumber,reservedate,branchcode,constrainttype) values ('$borrnum','$biblionumber','$resdate','$branch','$const')"; - my $sth = $dbh->prepare($query); - $sth->execute(); + my $sth = $dbh->prepare("insert into reserves (borrowernumber,biblionumber,reservedate,branchcode,constrainttype) values (?,?,?,?,?)"); + $sth->execute($borrnum,$biblionumber,$resdate,$branch,$const); if (($const eq "o") || ($const eq "e")) { my $numitems = @$bibitems; my $i = 0; while ($i < $numitems) { my $biblioitem = @$bibitems[$i]; - my $query = "insert into reserveconstraints + my $sth = $dbh->prepare("insert into reserveconstraints (borrowernumber,biblionumber,reservedate,biblioitemnumber) - values ('$borrnum','$biblionumber','$resdate','$biblioitem')"; - my $sth = $dbh->prepare($query); - $sth->execute(); + values (?,?,?,?)"); + $sth->execute($borrnum,$biblionumber,$resdate,$biblioitem); $i++; } } diff --git a/acqui.simple/addbiblio.pl b/acqui.simple/addbiblio.pl index 7c17ee0c3e..ac17600ce9 100755 --- a/acqui.simple/addbiblio.pl +++ b/acqui.simple/addbiblio.pl 
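Review bot: In CreateReserve the `reserveconstraints` insert is re-prepared on every iteration of `while ($i < $numitems)`, and the inner `my $sth` shadows the outer `$sth` that holds the `reserves` insert, which makes the block harder to follow than it needs to be. Prepare the constraint insert once before the loop under its own name, e.g. `my $csth = $dbh->prepare("insert into reserveconstraints (borrowernumber,biblionumber,reservedate,biblioitemnumber) values (?,?,?,?)");`, and inside the loop only `$csth->execute($borrnum,$biblionumber,$resdate,$biblioitem);`. For consistency with the `$usth->finish` just above, the `reserves` handle could get a `$sth->finish;` after its execute as well. The surrounding function continues outside the hunk.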
@@ -230,7 +230,8 @@ sub build_tabs ($$$$) { foreach my $subfield (sort( keys %{$tagslib->{$tag}})) { next if subfield_is_koha_internal_p($subfield); next if ($tagslib->{$tag}->{$subfield}->{tab} ne $tabloop); - next if (defined($record->field($tag)->subfield($subfield))); + next if ($tag > 10 && defined($record->field($tag)->subfield($subfield))); + next if ($tag < 10 && defined($record->field($tag)->data())); push(@subfields_data, &create_input($tag,$subfield,'',$i,$tabloop,$record,$authorised_values_sth)); $i++; } diff --git a/acqui/acquire.pl b/acqui/acquire.pl index 0b0ec90860..2cd9dbe41b 100755 --- a/acqui/acquire.pl +++ b/acqui/acquire.pl @@ -60,8 +60,7 @@ my ($template, $loggedinuser, $cookie) $template->param($count); if ($count == 1){ - my $query="Select itemtype,description from itemtypes order by description"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("Select itemtype,description from itemtypes order by description"); $sth->execute; my @itemtype; my %itemtypes; diff --git a/acqui/newbiblio.pl b/acqui/newbiblio.pl index b45b804d03..90fe406be7 100755 --- a/acqui/newbiblio.pl +++ b/acqui/newbiblio.pl @@ -78,8 +78,7 @@ for (my $i=0;$i<$count;$i++){ push @loop_currency, \%line; } -my $query="Select itemtype,description from itemtypes order by description"; -my $sth=$dbh->prepare($query); +my $sth=$dbh->prepare("Select itemtype,description from itemtypes order by description"); $sth->execute; my @itemtype; my %itemtypes; diff --git a/admin/aqbudget.pl b/admin/aqbudget.pl index 7c612a5308..8d8583eb3a 100755 --- a/admin/aqbudget.pl +++ b/admin/aqbudget.pl 
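Review bot: The two new `next if` lines in build_tabs leave tag 010 uncovered: MARC control fields are 001–009, so `$tag > 10` skips the subfield check for 010 and a field 010 that already has the subfield would get a second empty input. Both lines also call a method on the result of `$record->field($tag)`, which returns undef when the record has no such field, so the loop dies instead of falling through to `create_input`; fetch the field once and guard it: `my $field = $record->field($tag);` / `next if ($tag >= 10 && $field && defined($field->subfield($subfield)));` / `next if ($tag < 10 && $field && defined($field->data()));`. The removed line had the same undef problem, so that part is pre-existing, but the new code is the place to fix it. `build_tabs` starts and ends outside the hunk; the acquire.pl and newbiblio.pl hunks on this line are straightforward.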
@@ -53,9 +53,8 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where (bookfundid like \"$data[0]%\") order by bookfundid,aqbudgetid"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where (bookfundid like ?) order by bookfundid,aqbudgetid"); + $sth->execute("$data[0]%"); my @results; my $cnt=0; while (my $data=$sth->fetchrow_hashref){ @@ -103,10 +102,8 @@ if ($op eq 'add_form') { my $dataaqbookfund; if ($aqbudgetid) { my $dbh = C4::Context->dbh; - my $query="select aqbudgetid,bookfundname,aqbookfund.bookfundid,startdate,enddate,budgetamount from aqbudget,aqbookfund where aqbudgetid='$aqbudgetid' and aqbudget.bookfundid=aqbookfund.bookfundid"; -# print $query; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("select aqbudgetid,bookfundname,aqbookfund.bookfundid,startdate,enddate,budgetamount from aqbudget,aqbookfund where aqbudgetid=? and aqbudget.bookfundid=aqbookfund.bookfundid"); + $sth->execute($aqbudgetid); $dataaqbudget=$sth->fetchrow_hashref; $sth->finish; } @@ -136,8 +133,7 @@ if ($op eq 'add_form') { # called by add_form, used to insert/modify data in DB } elsif ($op eq 'add_validate') { my $dbh = C4::Context->dbh; - my $query = "replace aqbudget (aqbudgetid,bookfundid,startdate,enddate,budgetamount) values (?,?,?,?,?)"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("replace aqbudget (aqbudgetid,bookfundid,startdate,enddate,budgetamount) values (?,?,?,?,?)"); $sth->execute($input->param('aqbudgetid'),$input->param('bookfundid'), format_date_in_iso($input->param('startdate')), format_date_in_iso($input->param('enddate')), 
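Review bot: StringSearch still runs `$searchstring=~ s/\'/\\\'/g;` before the term is bound as `"$data[0]%"`, so the backslash that used to escape the quote inside the SQL literal is now part of the value and a bookfundid containing an apostrophe can no longer be found. Remove that substitution now that the driver quotes the value; the same leftover is in the StringSearch hunks of admin/authorised_values.pl and admin/systempreferences.pl further down this patch. Note also that `%` and `_` typed by the user remain LIKE wildcards in the bound value; if that is not wanted they need escaping per the driver's LIKE escape syntax, otherwise a short comment saying the prefix search is intentionally wildcard-friendly would save the next reader the question. The other aqbudget.pl hunks on this line are fine as converted.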
@@ -151,8 +147,8 @@ if ($op eq 'add_form') { # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where aqbudgetid='$aqbudgetid'"); - $sth->execute; + my $sth=$dbh->prepare("select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where aqbudgetid=?"); + $sth->execute($aqbudgetid); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(bookfundid => $bookfundid); @@ -166,9 +162,8 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirmed') { my $dbh = C4::Context->dbh; my $aqbudgetid=uc($input->param('aqbudgetid')); - my $query = "delete from aqbudget where aqbudgetid='$aqbudgetid'"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("delete from aqbudget where aqbudgetid=?"); + $sth->execute($aqbudgetid); $sth->finish; print $input->redirect("aqbookfund.pl"); return; @@ -189,9 +184,7 @@ if ($op eq 'add_form') { # $fines=$fines+0; my $dataaqbookfund; my $dbh = C4::Context->dbh; - my $query="select bookfundid,bookfundname from aqbookfund where bookfundid=?"; -# print $query; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("select bookfundid,bookfundname from aqbookfund where bookfundid=?"); $sth->execute($results->[$i]{'bookfundid'}); $dataaqbookfund=$sth->fetchrow_hashref; $sth->finish; diff --git a/admin/authorised_values.pl b/admin/authorised_values.pl index 5e78c6648d..cd735a8423 100755 --- a/admin/authorised_values.pl +++ b/admin/authorised_values.pl 
@@ -34,9 +34,8 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select id,category,authorised_value,lib from authorised_values where (category like \"$data[0]%\") order by category,authorised_value"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select id,category,authorised_value,lib from authorised_values where (category like ?) order by category,authorised_value"); + $sth->execute("$data[0]%"); my @results; my $cnt=0; while (my $data=$sth->fetchrow_hashref){ @@ -51,8 +50,6 @@ my $input = new CGI; my $searchfield=$input->param('searchfield'); $searchfield=~ s/\,//g; my $id = $input->param('id'); -my $reqsel="select category,authorised_value,lib from authorised_values where id='$id'"; -my $reqdel="delete from authorised_values where id='$id'"; my $offset=$input->param('offset'); my $script_name="/cgi-bin/koha/admin/authorised_values.pl"; my $dbh = C4::Context->dbh; @@ -81,8 +78,8 @@ if ($op eq 'add_form') { my $data; if ($id) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select id,category,authorised_value,lib from authorised_values where id='$id'"); - $sth->execute; + my $sth=$dbh->prepare("select id,category,authorised_value,lib from authorised_values where id=?"); + $sth->execute($id); $data=$sth->fetchrow_hashref; $sth->finish; } else { @@ -121,8 +118,8 @@ if ($op eq 'add_form') { # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqsel); - $sth->execute; + my $sth=$dbh->prepare("select category,authorised_value,lib from authorised_values where id=?"); + $sth->execute($id); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(searchfield => $searchfield, 
@@ -135,8 +132,8 @@ if ($op eq 'add_form') { # called by delete_confirm, used to effectively confirm deletion of data in DB } elsif ($op eq 'delete_confirmed') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqdel); - $sth->execute; + my $sth=$dbh->prepare("delete from authorised_values where id=?"); + $sth->execute($id); $sth->finish; print "Content-Type: text/html\n\n"; exit; diff --git a/admin/checkmarc.pl b/admin/checkmarc.pl index 30cd2c55d4..82b5e062fe 100755 --- a/admin/checkmarc.pl +++ b/admin/checkmarc.pl @@ -82,8 +82,8 @@ while (($res,$res2,$field) = $sth->fetchrow) { $subtotal++; } } -$sth = $dbh->prepare("select kohafield from marc_subfield_structure where tagfield=$tagfield"); -$sth->execute; +$sth = $dbh->prepare("select kohafield from marc_subfield_structure where tagfield=?"); +$sth->execute($tagfield); while (($res2) = $sth->fetchrow) { if (!$res2 || $res2 =~ /^items/) { } else { diff --git a/admin/systempreferences.pl b/admin/systempreferences.pl index 87e046b763..e7cc74c3ca 100755 --- a/admin/systempreferences.pl +++ b/admin/systempreferences.pl @@ -54,9 +54,8 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select variable,value,explanation,type,options from systempreferences where (variable like \"$data[0]%\") order by variable"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select variable,value,explanation,type,options from systempreferences where (variable like ?) order by variable"); + $sth->execute("$data[0]%"); my @results; my $cnt=0; while (my $data=$sth->fetchrow_hashref){ 
@@ -69,9 +68,6 @@ sub StringSearch { my $input = new CGI; my $searchfield=$input->param('searchfield'); -my $pkfield="variable"; -my $reqsel="select variable,value,explanation,type,options from systempreferences where $pkfield='$searchfield'"; -my $reqdel="delete from systempreferences where $pkfield='$searchfield'"; my $offset=$input->param('offset'); my $script_name="/cgi-bin/koha/admin/systempreferences.pl"; @@ -135,15 +131,13 @@ if ($op eq 'update_and_reedit') { $sth->execute($input->param('variable')); if ($sth->rows) { unless (C4::Context->config('demo') eq 1) { - my $query = "update systempreferences set value=?,explanation=? where variable=?"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("update systempreferences set value=?,explanation=? where variable=?"); $sth->execute($value, $input->param('explanation'), $input->param('variable')); $sth->finish; } } else { unless (C4::Context->config('demo') eq 1) { - my $query = "insert into systempreferences (variable,value,explanation) values (?,?,?)"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("insert into systempreferences (variable,value,explanation) values (?,?,?)"); $sth->execute($input->param('variable'), $input->param('value'), $input->param('explanation')); $sth->finish; } @@ -160,8 +154,8 @@ if ($op eq 'add_form') { my $data; if ($searchfield) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable='$searchfield'"); - $sth->execute; + my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable=?"); + $sth->execute($searchfield); $data=$sth->fetchrow_hashref; $sth->finish; $template->param(modify => 1); 
@@ -236,20 +230,17 @@ if ($op eq 'add_form') { # called by add_form, used to insert/modify data in DB } elsif ($op eq 'add_validate') { my $dbh = C4::Context->dbh; - my $query="select * from systempreferences where variable=?"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("select * from systempreferences where variable=?"); $sth->execute($input->param('variable')); if ($sth->rows) { unless (C4::Context->config('demo') eq 1) { - my $query = "update systempreferences set value=?,explanation=? where variable=?"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("update systempreferences set value=?,explanation=? where variable=?"); $sth->execute($input->param('value'), $input->param('explanation'), $input->param('variable')); $sth->finish; } } else { unless (C4::Context->config('demo') eq 1) { - my $query = "insert into systempreferences (variable,value,explanation) values (?,?,?)"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("insert into systempreferences (variable,value,explanation) values (?,?,?)"); $sth->execute($input->param('variable'), $input->param('value'), $input->param('explanation')); $sth->finish; } @@ -259,8 +250,8 @@ if ($op eq 'add_form') { # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqsel); - $sth->execute; + my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable=?"); + $sth->execute($searchfield); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(searchfield => $searchfield, 
@@ -272,8 +263,8 @@ if ($op eq 'add_form') { # called by delete_confirm, used to effectively confirm deletion of data in DB } elsif ($op eq 'delete_confirmed') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqdel); - $sth->execute; + my $sth=$dbh->prepare("delete from systempreferences where variable=?"); + $sth->execute($searchfield); $sth->finish; # END $OP eq DELETE_CONFIRMED ################## DEFAULT ################################## diff --git a/admin/thesaurus.pl b/admin/thesaurus.pl index 9c03d38e22..69f7aca1c3 100755 --- a/admin/thesaurus.pl +++ b/admin/thesaurus.pl @@ -38,7 +38,7 @@ my $id = $input->param('id'); my $offset=$input->param('offset'); my $father=$input->param('father'); -my $reqsel="select category,stdlib,freelib from bibliothesaurus where id='$id'"; +my $reqsel=""; my $reqdel="delete from bibliothesaurus where id='$id'"; my $script_name="/cgi-bin/koha/admin/thesaurus.pl"; my $dbh = C4::Context->dbh; @@ -73,8 +73,8 @@ if ($op eq 'add_form') { my $data; if ($id) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select id,category,freelib,stdlib from bibliothesaurus where id='$id'"); - $sth->execute; + my $sth=$dbh->prepare("select id,category,freelib,stdlib from bibliothesaurus where id=?"); + $sth->execute($id); $data=$sth->fetchrow_hashref; $sth->finish; } else { @@ -123,8 +123,8 @@ if ($op eq 'add_form') { # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqsel); - $sth->execute; + my $sth=$dbh->prepare("select category,stdlib,freelib from bibliothesaurus where id=?"); + $sth->execute($id); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(search_category => $search_category, diff --git a/misc/Install.pm b/misc/Install.pm index e9a6e6e279..a4cfe8eb86 100644 --- a/misc/Install.pm +++ b/misc/Install.pm 
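Review bot: The thesaurus.pl hunk blanks `$reqsel` to `""` instead of deleting the declaration, leaving a dead variable, while the neighbouring context line `my $reqdel="delete from bibliothesaurus where id='$id'";` still builds SQL by interpolating the request parameter. Delete `my $reqsel="";` and convert the delete the same way delete_confirm was converted here: `my $sth=$dbh->prepare("delete from bibliothesaurus where id=?");` / `$sth->execute($id);` at the place `$reqdel` is used, which is outside this hunk, then drop `$reqdel` too. The systempreferences.pl delete_confirmed hunk at the start of this line is fine; the Install.pm header at the end has its hunk on the next line.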
@@ -845,7 +845,7 @@ sub checkperlmodules { if (@missing > 0) { my $missing=''; - if (POSIX::setlocale(LC_ALL) != "C") { + if (POSIX::setlocale(LC_ALL) ne "C") { $missing.=" export LC_ALL=C\n"; } foreach my $module (@missing) { diff --git a/misc/bulkmarcimport.pl b/misc/bulkmarcimport.pl index d38468d266..1a24a45c18 100755 --- a/misc/bulkmarcimport.pl +++ b/misc/bulkmarcimport.pl @@ -80,7 +80,6 @@ while ( my $record = $batch->next() ) { $i++; #now, parse the record, extract the item fields, and store them in somewhere else. -# $record = MARC::File::USMARC::decode(char_decode($record->as_usmarc(),$char_encoding)); ## create an empty record object to populate my $newRecord = MARC::Record->new(); @@ -98,8 +97,9 @@ while ( my $record = $batch->next() ) { # go through each subfield code/data pair foreach my $pair ( $oldField->subfields() ) { - # upper case the data portion and store - push( @newSubfields, $pair->[0], char_decode($pair->[1],$char_encoding) ); + $pair->[1] =~ s/\[1] =~ s/\>//g; + push( @newSubfields, $pair->[0], char_decode($pair->[1],$char_encoding) ); } # add the new field to our new record diff --git a/misc/fines2.pl b/misc/fines2.pl index 02bc13d87c..dc621896b9 100755 --- a/misc/fines2.pl +++ b/misc/fines2.pl @@ -109,9 +109,8 @@ for (my $i=0;$i<$numOverdueItems;$i++){ # separate function # my $dbh = C4::Context->dbh; - my $query="Select * from borrowers where borrowernumber='$borrower->{'guarantor'}'"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select * from borrowers where borrowernumber=?"); + $sth->execute($borrower->{'guarantor'}); my $tdata=$sth->fetchrow_hashref; $sth->finish; $borrower->{'phone'}=$tdata->{'phone'}; 
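Review bot: `POSIX::setlocale(LC_ALL) ne "C"` is the right operator (the old `!=` compared two strings numerically as 0 == 0 and so never fired), but the query can return undef when the locale cannot be determined, which now raises an uninitialized-value warning in the `ne`, and the "POSIX" locale, an alias of "C", would still trigger the LC_ALL hint. If the intent is only to suggest `export LC_ALL=C` when a non-C locale is active, capture first and treat unknown as needing the hint: `my $locale = POSIX::setlocale(LC_ALL);` / `if (!defined $locale || ($locale ne "C" && $locale ne "POSIX")) {`. `checkperlmodules` continues outside the hunk; the bulkmarcimport.pl and fines2.pl hunks on this line need no change.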
@@ -137,22 +136,16 @@ for (my $i=0;$i<$numOverdueItems;$i++){ # FIXME # this should be a separate function # - $item->{'title'}=~ s/\'/\\'/g; - my $query="Insert into accountlines + my $sth=$dbh->prepare("Insert into accountlines (borrowernumber,itemnumber,accountno,date,amount, description,accounttype,amountoutstanding) values - ($data->[$i]->{'borrowernumber'},$data->[$i]->{'itemnumber'}, - '$accountno',now(),'$cost','Lost item $item->{'title'} $item->{'barcode'} $due','L','$cost')"; - my $sth=$dbh->prepare($query); - $sth->execute; + (?,?,?,now(),?,?,'L',?)"); + $sth->execute($data->[$i]->{'borrowernumber'},$data->[$i]->{'itemnumber'}, + $accountno,$cost,"Lost item $item->{'title'} $item->{'barcode'} $due",$cost); $sth->finish; - $query="update items set itemlost=2 where itemnumber='$data->[$i]->{'itemnumber'}'"; - $sth=$dbh->prepare($query); - $sth->execute; + $sth=$dbh->prepare("update items set itemlost=2 where itemnumber=?"); + $sth->execute($data->[$i]->{'itemnumber'}); $sth->finish; - } else { # FIXME - # this should be deleted - # } } } -- 2.20.1
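Review bot: The new subfield line in bulkmarcimport.pl appears mangled in this rendering (`s/\[1] =~ s/\>//g`), which reads as two substitutions collapsed together, presumably `$pair->[1] =~ s/\<//g; $pair->[1] =~ s/\>//g;`; either way the new side silently deletes every `<` and `>` from subfield data before `char_decode` and replaces the old explanatory comment with nothing. Since this alters imported bibliographic data, a why-comment is needed, e.g. `# strip '<' and '>' from subfield data before decoding: <reason to be stated by the author>`. The two substitutions can also be a single character deletion, `$pair->[1] =~ tr/<>//d;`, which does the same thing in one pass. The enclosing `foreach my $pair` loop is cut at the hunk edge; the fines2.pl hunk on this line is fine as converted.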