From 896635f8cbaf8682f574e0f87d6b1ffd3e041b49 Mon Sep 17 00:00:00 2001
From: slef
Date: Fri, 19 Dec 2003 12:51:17 +0000
Subject: [PATCH] DBI call fix for bug 662

---
 admin/aqbudget.pl | 27 ++++++++++-----------------
 admin/authorised_values.pl | 19 ++++++++-----------
 admin/systempreferences.pl | 35 +++++++++++++----------------------
 3 files changed, 31 insertions(+), 50 deletions(-)

diff --git a/admin/aqbudget.pl b/admin/aqbudget.pl
index 7c612a5308..8d8583eb3a 100755
--- a/admin/aqbudget.pl
+++ b/admin/aqbudget.pl
@@ -53,9 +53,8 @@ sub StringSearch {
 $searchstring=~ s/\'/\\\'/g;
 my @data=split(' ',$searchstring);
 my $count=@data;
- my $query="Select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where (bookfundid like \"$data[0]%\") order by bookfundid,aqbudgetid";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where (bookfundid like ?) order by bookfundid,aqbudgetid");
+ $sth->execute("$data[0]%");
 my @results;
 my $cnt=0;
 while (my $data=$sth->fetchrow_hashref){
@@ -103,10 +102,8 @@ if ($op eq 'add_form') {
 my $dataaqbookfund;
 if ($aqbudgetid) {
 my $dbh = C4::Context->dbh;
- my $query="select aqbudgetid,bookfundname,aqbookfund.bookfundid,startdate,enddate,budgetamount from aqbudget,aqbookfund where aqbudgetid='$aqbudgetid' and aqbudget.bookfundid=aqbookfund.bookfundid";
-# print $query;
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("select aqbudgetid,bookfundname,aqbookfund.bookfundid,startdate,enddate,budgetamount from aqbudget,aqbookfund where aqbudgetid=? and aqbudget.bookfundid=aqbookfund.bookfundid");
+ $sth->execute($aqbudgetid);
 $dataaqbudget=$sth->fetchrow_hashref;
 $sth->finish;
 }
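Review bot: With the search term now bound through `?`, the surviving `$searchstring=~ s/\'/\\\'/g;` at the top of the hunk is no longer quoting for SQL; it rewrites every apostrophe in the user's term into a literal backslash-apostrophe, so a fund whose id contains `'` can no longer be found, and the line should simply be removed. Binding does not neutralise LIKE metacharacters either, so `%` and `_` in `$data[0]` still act as wildcards — fine for a prefix search, but worth recording with `# LIKE wildcards in the term are intentional`, or escaping them if an exact prefix is wanted. If an empty search string reaches this sub, `$data[0]` is undef and the bound value becomes a bare `%`, which returns every row (with an uninitialized warning under `use warnings`). The same three points apply to the StringSearch hunks in admin/authorised_values.pl and admin/systempreferences.pl. sub StringSearch begins and ends outside the hunk.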
@@ -136,8 +133,7 @@ if ($op eq 'add_form') {
 # called by add_form, used to insert/modify data in DB
 } elsif ($op eq 'add_validate') {
 my $dbh = C4::Context->dbh;
- my $query = "replace aqbudget (aqbudgetid,bookfundid,startdate,enddate,budgetamount) values (?,?,?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("replace aqbudget (aqbudgetid,bookfundid,startdate,enddate,budgetamount) values (?,?,?,?,?)");
 $sth->execute($input->param('aqbudgetid'),$input->param('bookfundid'),
 format_date_in_iso($input->param('startdate')),
 format_date_in_iso($input->param('enddate')),
@@ -151,8 +147,8 @@ if ($op eq 'add_form') {
 # called by default form, used to confirm deletion of data in DB
 } elsif ($op eq 'delete_confirm') {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where aqbudgetid='$aqbudgetid'");
- $sth->execute;
+ my $sth=$dbh->prepare("select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where aqbudgetid=?");
+ $sth->execute($aqbudgetid);
 my $data=$sth->fetchrow_hashref;
 $sth->finish;
 $template->param(bookfundid => $bookfundid);
@@ -166,9 +162,8 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'delete_confirmed') {
 my $dbh = C4::Context->dbh;
 my $aqbudgetid=uc($input->param('aqbudgetid'));
- my $query = "delete from aqbudget where aqbudgetid='$aqbudgetid'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from aqbudget where aqbudgetid=?");
+ $sth->execute($aqbudgetid);
 $sth->finish;
 print $input->redirect("aqbookfund.pl");
 return;
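Review bot: `$sth->execute($input->param('aqbudgetid'),$input->param('bookfundid'), …)`, the context line directly under the new `prepare`, calls CGI's `param` in list context, so a parameter submitted twice supplies two bind values and shifts every later value into the wrong column, while a missing parameter contributes nothing and the execute fails with a bind-count mismatch instead of inserting a NULL. Wrapping each argument as `scalar $input->param('aqbudgetid')` pins exactly one value per placeholder. The same pattern is in the update/insert execute lines of the update_and_reedit and add_validate hunks in admin/systempreferences.pl. The add_validate branch continues outside the hunk.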
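Review bot: The return value of the new `$sth->execute($aqbudgetid);` in the delete_confirmed hunk is discarded and the script redirects to aqbookfund.pl unconditionally, so unless the handle from `C4::Context->dbh` is created with RaiseError (not visible here) a failed DELETE is presented to the user as success; `$sth->execute($aqbudgetid) or die $sth->errstr;` would surface it. The `$sth->finish;` that follows is only meaningful for a SELECT with unfetched rows and can be dropped from a DELETE handle. Both points apply equally to the delete_confirmed hunks in admin/authorised_values.pl and admin/systempreferences.pl.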
@@ -189,9 +184,7 @@ if ($op eq 'add_form') {
 # $fines=$fines+0;
 my $dataaqbookfund;
 my $dbh = C4::Context->dbh;
- my $query="select bookfundid,bookfundname from aqbookfund where bookfundid=?";
-# print $query;
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("select bookfundid,bookfundname from aqbookfund where bookfundid=?");
 $sth->execute($results->[$i]{'bookfundid'});
 $dataaqbookfund=$sth->fetchrow_hashref;
 $sth->finish;
diff --git a/admin/authorised_values.pl b/admin/authorised_values.pl
index 5e78c6648d..cd735a8423 100755
--- a/admin/authorised_values.pl
+++ b/admin/authorised_values.pl
@@ -34,9 +34,8 @@ sub StringSearch {
 $searchstring=~ s/\'/\\\'/g;
 my @data=split(' ',$searchstring);
 my $count=@data;
- my $query="Select id,category,authorised_value,lib from authorised_values where (category like \"$data[0]%\") order by category,authorised_value";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select id,category,authorised_value,lib from authorised_values where (category like ?) order by category,authorised_value");
+ $sth->execute("$data[0]%");
 my @results;
 my $cnt=0;
 while (my $data=$sth->fetchrow_hashref){
@@ -51,8 +50,6 @@ my $input = new CGI;
 my $searchfield=$input->param('searchfield');
 $searchfield=~ s/\,//g;
 my $id = $input->param('id');
-my $reqsel="select category,authorised_value,lib from authorised_values where id='$id'";
-my $reqdel="delete from authorised_values where id='$id'";
 my $offset=$input->param('offset');
 my $script_name="/cgi-bin/koha/admin/authorised_values.pl";
 my $dbh = C4::Context->dbh;
@@ -81,8 +78,8 @@ if ($op eq 'add_form') {
 my $data;
 if ($id) {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select id,category,authorised_value,lib from authorised_values where id='$id'");
- $sth->execute;
+ my $sth=$dbh->prepare("select id,category,authorised_value,lib from authorised_values where id=?");
+ $sth->execute($id);
 $data=$sth->fetchrow_hashref;
 $sth->finish;
 } else {
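Review bot: The new `prepare` of the aqbookfund lookup sits inside what looks, from `$results->[$i]{'bookfundid'}` on the next line, like a loop over the search results, so the identical statement is re-parsed once per result row. Preparing it once before the loop and leaving only `$sth->execute($results->[$i]{'bookfundid'});` and the fetch in the body would avoid that; the enclosing loop starts and ends outside the hunk, so this is inferred from the index variable.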
@@ -121,8 +118,8 @@ if ($op eq 'add_form') {
 # called by default form, used to confirm deletion of data in DB
 } elsif ($op eq 'delete_confirm') {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select category,authorised_value,lib from authorised_values where id=?");
+ $sth->execute($id);
 my $data=$sth->fetchrow_hashref;
 $sth->finish;
 $template->param(searchfield => $searchfield,
@@ -135,8 +132,8 @@ if ($op eq 'add_form') {
 # called by delete_confirm, used to effectively confirm deletion of data in DB
 } elsif ($op eq 'delete_confirmed') {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from authorised_values where id=?");
+ $sth->execute($id);
 $sth->finish;
 print "Content-Type: text/html\n\n";
 exit;
diff --git a/admin/systempreferences.pl b/admin/systempreferences.pl
index 87e046b763..e7cc74c3ca 100755
--- a/admin/systempreferences.pl
+++ b/admin/systempreferences.pl
@@ -54,9 +54,8 @@ sub StringSearch {
 $searchstring=~ s/\'/\\\'/g;
 my @data=split(' ',$searchstring);
 my $count=@data;
- my $query="Select variable,value,explanation,type,options from systempreferences where (variable like \"$data[0]%\") order by variable";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select variable,value,explanation,type,options from systempreferences where (variable like ?) order by variable");
+ $sth->execute("$data[0]%");
 my @results;
 my $cnt=0;
 while (my $data=$sth->fetchrow_hashref){
@@ -69,9 +68,6 @@ sub StringSearch {
 
 my $input = new CGI;
 my $searchfield=$input->param('searchfield');
-my $pkfield="variable";
-my $reqsel="select variable,value,explanation,type,options from systempreferences where $pkfield='$searchfield'";
-my $reqdel="delete from systempreferences where $pkfield='$searchfield'";
 my $offset=$input->param('offset');
 my $script_name="/cgi-bin/koha/admin/systempreferences.pl";
 
@@ -135,15 +131,13 @@ if ($op eq 'update_and_reedit') {
 $sth->execute($input->param('variable'));
 if ($sth->rows) {
 unless (C4::Context->config('demo') eq 1) {
- my $query = "update systempreferences set value=?,explanation=? where variable=?";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("update systempreferences set value=?,explanation=? where variable=?");
 $sth->execute($value, $input->param('explanation'), $input->param('variable'));
 $sth->finish;
 }
 } else {
 unless (C4::Context->config('demo') eq 1) {
- my $query = "insert into systempreferences (variable,value,explanation) values (?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("insert into systempreferences (variable,value,explanation) values (?,?,?)");
 $sth->execute($input->param('variable'), $input->param('value'), $input->param('explanation'));
 $sth->finish;
 }
@@ -160,8 +154,8 @@ if ($op eq 'add_form') {
 my $data;
 if ($searchfield) {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable=?");
+ $sth->execute($searchfield);
 $data=$sth->fetchrow_hashref;
 $sth->finish;
 $template->param(modify => 1);
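Review bot: The rewritten update/insert choice still hangs on `if ($sth->rows)` (second context line of the hunk), a row count taken after a SELECT, which DBI documents as not reliable for SELECT statements; DBD::mysql usually fills it because it stores the result set by default, but the branch is correct only by driver behaviour. Fetching is deterministic: `my $exists = $sth->fetchrow_arrayref;` followed by `if ($exists) {`. Inside each branch the new `my $sth=$dbh->prepare(...)` shadows the outer `$sth` of the same name, which is legal but makes the two handles easy to confuse; naming them `$upd` and `$ins` would read more clearly. The add_validate hunk later in this file has the same shape and the same two points. The surrounding if/else begins and ends outside the hunk.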
@@ -236,20 +230,17 @@ if ($op eq 'add_form') {
 # called by add_form, used to insert/modify data in DB
 } elsif ($op eq 'add_validate') {
 my $dbh = C4::Context->dbh;
- my $query="select * from systempreferences where variable=?";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("select * from systempreferences where variable=?");
 $sth->execute($input->param('variable'));
 if ($sth->rows) {
 unless (C4::Context->config('demo') eq 1) {
- my $query = "update systempreferences set value=?,explanation=? where variable=?";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("update systempreferences set value=?,explanation=? where variable=?");
 $sth->execute($input->param('value'), $input->param('explanation'), $input->param('variable'));
 $sth->finish;
 }
 } else {
 unless (C4::Context->config('demo') eq 1) {
- my $query = "insert into systempreferences (variable,value,explanation) values (?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("insert into systempreferences (variable,value,explanation) values (?,?,?)");
 $sth->execute($input->param('variable'), $input->param('value'), $input->param('explanation'));
 $sth->finish;
 }
@@ -259,8 +250,8 @@ if ($op eq 'add_form') {
 # called by default form, used to confirm deletion of data in DB
 } elsif ($op eq 'delete_confirm') {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable=?");
+ $sth->execute($searchfield);
 my $data=$sth->fetchrow_hashref;
 $sth->finish;
 $template->param(searchfield => $searchfield,
@@ -272,8 +263,8 @@ if ($op eq 'add_form') {
 # called by delete_confirm, used to effectively confirm deletion of data in DB
 } elsif ($op eq 'delete_confirmed') {
 my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from systempreferences where variable=?");
+ $sth->execute($searchfield);
 $sth->finish;
 # END $OP eq DELETE_CONFIRMED
 ################## DEFAULT ##################################
-- 
2.39.5