From 3ab23da580c941c585c33a3e875e350ae9170615 Mon Sep 17 00:00:00 2001
From: slef
Date: Thu, 8 Jan 2004 16:28:20 +0000
Subject: [PATCH] DBI call fix for bug 662
---
 admin/categoryitem.pl | 44 ++++++++++++++-----------------------------
 maint/shiftbib.pl | 5 ++---
 2 files changed, 16 insertions(+), 33 deletions(-)
diff --git a/admin/categoryitem.pl b/admin/categoryitem.pl
index ec44263831..0ba3caeafd 100644
--- a/admin/categoryitem.pl
+++ b/admin/categoryitem.pl
@@ -52,18 +52,15 @@ sub StringSearch {
 $searchstring=~ s/\'/\\\'/g;
 my @data=split(' ',$searchstring);
 my $count=@data;
- my $query="Select * from categories where (description like \"$data[0]%\")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select * from categories where (description like ?)");
+ $sth->execute("$data[0]%");
 my @results;
- my $cnt=0;
 while (my $data=$sth->fetchrow_hashref){
 push(@results,$data);
- $cnt ++;
 }
 # $sth->execute;
 $sth->finish;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
 }
 my $input = new CGI;
@@ -95,8 +92,8 @@ if ($op eq 'add_form') {
 my $data;
 if ($categorycode) {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'");
- $sth->execute;
+ my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?");
+ $sth->execute($categorycode);
 $data=$sth->fetchrow_hashref;
 $sth->finish;
 }
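Review bot: With the search term now bound through a placeholder, the escaping on the hunk's first context line, `$searchstring=~ s/\'/\\\'/g;`, is no longer needed and actively breaks searches: an apostrophe in the term is bound as a literal backslash-quote, so a description such as O'Brien no longer matches. DBI quotes bind values itself, so that line should go along with the interpolated query it was protecting. The bind argument `"$data[0]%"` also degrades to a bare `%` (plus an uninitialized-value warning) when the search string is empty, which returns every category; if that is not the intended "list all" behaviour, a guard like `return (0, []) unless @data;` before the prepare makes it explicit. The `my $count=@data;` local is left unused. The sub's signature is outside the hunk.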
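Review bot: None of the rewritten `execute` calls check their return value, here `$sth->execute($categorycode);` and likewise in the delete_confirm, delete_confirmed and shiftbib hunks; unless `C4::Context->dbh` enables RaiseError (not visible here), a failed execute is silent and the following `fetchrow_hashref` just returns undef, which this branch then treats as an unknown category. `$sth->execute($categorycode) or die $sth->errstr;` would surface the error, or the handle's RaiseError setting should be confirmed in C4::Context. The enclosing `if ($op eq 'add_form')` block starts before the hunk.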
@@ -120,20 +117,8 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'add_validate') {
 $template->param(add_validate => 1);
 my $dbh = C4::Context->dbh;
- my $query = "replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (";
- $query.= $dbh->quote($input->param('categorycode')).",";
- $query.= $dbh->quote($input->param('description')).",";
- $query.= $dbh->quote($input->param('enrolmentperiod')).",";
- $query.= $dbh->quote($input->param('upperagelimit')).",";
- $query.= $dbh->quote($input->param('dateofbirthrequired')).",";
- $query.= $dbh->quote($input->param('finetype')).",";
- $query.= $dbh->quote($input->param('bulk')).",";
- $query.= $dbh->quote($input->param('enrolmentfee')).",";
- $query.= $dbh->quote($input->param('issuelimit')).",";
- $query.= $dbh->quote($input->param('reservefee')).",";
- $query.= $dbh->quote($input->param('overduenoticerequired')).")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (?,?,?,?,?,?,?,?,?,?,?)");
+ $sth->execute(map {$input->param($_)} ('categorycode','description','enrolmentperiod','upperagelimit','dateofbirthrequired','finetype','bulk','enrolmentfee','issuelimit','reservefee','overduenoticerequired'));
 $sth->finish;
 print "data recorded";
 print "
";
@@ -145,13 +130,13 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'delete_confirm') {
 $template->param(delete_confirm => 1);
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode='$categorycode'");
- $sth->execute;
+ my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode=?");
+ $sth->execute($categorycode);
 my $total = $sth->fetchrow_hashref;
 print "TOTAL : $categorycode : $total->{'total'}
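Review bot: The bind list `map {$input->param($_)} (...)` calls `CGI::param` in list context, so a form field missing from the request contributes no element and a multi-valued field contributes several; either way the remaining values shift onto the wrong placeholders, and with eleven `?` markers DBI then rejects the call (or, if the count happens to still match, stores values under the wrong columns). Each call should be forced to scalar context: `$sth->execute(map { scalar $input->param($_) } ('categorycode', ...));`. The removed code was tolerant of this because `$dbh->quote` with no argument still produced a NULL for the column, so the rewrite is a behaviour change for incomplete submissions. The surrounding elsif chain starts outside the hunk.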
";
 $sth->finish;
- my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'");
- $sth2->execute;
+ my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?");
+ $sth2->execute($categorycode);
 my $data=$sth2->fetchrow_hashref;
 $sth2->finish;
@@ -173,9 +158,8 @@ if ($op eq 'add_form') {
 $template->param(delete_confirmed => 1);
 my $dbh = C4::Context->dbh;
 my $categorycode=uc($input->param('categorycode'));
- my $query = "delete from categories where categorycode='$categorycode'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from categories where categorycode=?");
+ $sth->execute($categorycode);
 $sth->finish;
 # END $OP eq DELETE_CONFIRMED
 } else { # DEFAULT
@@ -196,7 +180,7 @@ if ($op eq 'add_form') {
 overduenoticerequired => $results->[$i]{'overduenoticerequired'},
 issuelimit => $results->[$i]{'issuelimit'},
 reservefee => $results->[$i]{'reservefee'},
- toggle = $toggle );
+ toggle => $toggle );
 push @loop, \%row;
 if ( $toggle eq 'white' ) {
diff --git a/maint/shiftbib.pl b/maint/shiftbib.pl
index 8035167877..ae3bfe8886 100755
--- a/maint/shiftbib.pl
+++ b/maint/shiftbib.pl
@@ -40,9 +40,8 @@ print startmenu('catalog');
 if ($type eq 'change'){
 my $biblionumber=$input->param('biblionumber');
 my $dbh = C4::Context->dbh;
- my $query="Select * from biblio where biblionumber=$biblionumber";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select * from biblio where biblionumber=?");
+ $sth->execute($biblionumber);
 my $data=$sth->fetchrow_hashref;
 print "Shifting group $bi to biblio $biblionumber
Title:$data->{'title'}
-- 2.39.5