From e4ea107c9b3bf51a2344b9445eef3d648c3269e9 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Wed, 19 Mar 2008 10:11:18 -0500 Subject: [PATCH] use bind variables in GetBorrowersWhoHaveNotBorrowedSince query Signed-off-by: Joshua Ferraro --- C4/Members.pm | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/C4/Members.pm b/C4/Members.pm index 6e0a0b21b2..72c8770dfc 100644 --- a/C4/Members.pm +++ b/C4/Members.pm @@ -1829,7 +1829,7 @@ sub GetBorrowersWhoHaveNotBorrowedSince { $query.=" HAVING latestissue prepare($query); if (scalar(@query_params)>0){ $sth->execute(@query_params); @@ -1875,7 +1875,7 @@ sub GetBorrowersWhoHaveNeverBorrowed { $query.=" AND branchcode= ?"; push @query_params,$filterbranch; } - warn $query; + warn $query if $debug; my $sth = $dbh->prepare($query); if (scalar(@query_params)>0){ @@ -1919,13 +1919,16 @@ sub GetBorrowersWithIssuesHistoryOlderThan { WHERE returndate < ? AND borrowernumber IS NOT NULL "; + my @query_params; + push @query_params, $date; if ($filterbranch){ - $query.=" AND branchcode=\'$filterbranch\'"; + $query.=" AND branchcode = ?"; + push @query_params, $filterbranch; } $query.=" GROUP BY borrowernumber "; - warn $query; + warn $query if $debug; my $sth = $dbh->prepare($query); - $sth->execute($date); + $sth->execute(@query_params); my @results; while ( my $data = $sth->fetchrow_hashref ) { -- 2.39.5