From 2d697ec0ca32d9076cafe9a119c1e84809c84243 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 14 Jan 2014 12:13:31 +0100 Subject: [PATCH] Bug 11549: (follow-up) interpolated variables into SQL statements should not be allowed Signed-off-by: Sonia BOUIS Signed-off-by: Katrin Fischer Signed-off-by: Galen Charlton (cherry picked from commit 6e861c5563ddd807088e31a11776fb49014de27e) Signed-off-by: Fridolin Somers --- C4/Acquisition.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm index d33b6e7a3d..1b29dfdeef 100644 --- a/C4/Acquisition.pm +++ b/C4/Acquisition.pm @@ -1805,7 +1805,7 @@ sub TransferOrder { my $dbh = C4::Context->dbh; my ($query, $sth, $rv); - $query = qq{ + $query = q{ UPDATE aqorders SET datecancellationprinted = CAST(NOW() AS date) WHERE ordernumber = ? @@ -1824,7 +1824,7 @@ sub TransferOrder { WHERE ordernumber = ? }, {}, $newordernumber ); - $query = qq{ + $query = q{ UPDATE aqorders_items SET ordernumber = ? WHERE ordernumber = ? -- 2.39.5