From d8c2e556ce32bfe7389b7d2bfa6e5bb8b9edb268 Mon Sep 17 00:00:00 2001
From: tipaul <tipaul>
Date: Tue, 28 Jan 2003 14:53:30 +0000
Subject: [PATCH] fixing a sql query not using prepare(?) & execute($var)
 method

---
 C4/Catalogue.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/C4/Catalogue.pm b/C4/Catalogue.pm
index 27a2995663..7e3835cb36 100644
--- a/C4/Catalogue.pm
+++ b/C4/Catalogue.pm
@@ -334,11 +334,11 @@ sub receiveorder {
   my $sth=$dbh->prepare($query);
   $sth->execute;
   $sth->finish;
-  $query="update aqorderbreakdown set bookfundid=$bookfund where
-  ordernumber=$ordnum";
+  $query="update aqorderbreakdown set bookfundid=? where
+  ordernumber=?";
   $sth=$dbh->prepare($query);
 #  print $query;
-  $sth->execute;
+  $sth->execute($bookfund,$ordnum);
   $sth->finish;
 }
 
-- 
2.39.5