From 4475e9a67574c32cd01b47bf6f22aeb3cc0eb648 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A8re=20S=C3=A9bastien=20Marie?= Date: Sun, 27 Feb 2011 15:24:53 +0100 Subject: [PATCH] Bug 6452 : Use placeholders in sql but makepayment seems dead code ? MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Frère Sébastien Marie Signed-off-by: Chris Cormack --- C4/Accounts.pm | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/C4/Accounts.pm b/C4/Accounts.pm index 32054f456f..7bddd1ae64 100644 --- a/C4/Accounts.pm +++ b/C4/Accounts.pm @@ -169,13 +169,11 @@ sub makepayment { my $data = $sth->fetchrow_hashref; $sth->finish; - $dbh->do( - "UPDATE accountlines - SET amountoutstanding = 0 - WHERE borrowernumber = $borrowernumber - AND accountno = $accountno - " - ); + my $sth = $dbh->prepare("UPDATE accountlines + SET amountoutstanding = 0 + WHERE borrowernumber = ? + AND accountno = ?"); + $sth->execute($borrowernumber, $accountno); # print $updquery; # $dbh->do( " 
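Review bot: The added `my $sth = $dbh->prepare(...)` declares `$sth` again although the context lines just above (`$sth->fetchrow_hashref; $sth->finish;`) show it is already in use in `makepayment`, and the second hunk repeats the pattern. The earlier declaration is outside the hunk, but if it is in the same scope this produces a "masks earlier declaration" warning under `use warnings`. Because each statement runs once, `$dbh->do($sql, undef, $borrowernumber, $accountno);` would keep the placeholders without a new handle. The result of `execute` is also not checked. Unless the database handle has `RaiseError` set (not visible here), a failed UPDATE would go unnoticed and the payment INSERT in the next hunk would still run, so consider `or die $dbh->errstr` or a comment saying errors are raised by the handle.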
@@ -187,20 +185,18 @@ sub makepayment { # create new line my $payment = 0 - $amount; - $dbh->do( " - INSERT INTO accountlines - (borrowernumber, accountno, date, amount, - description, accounttype, amountoutstanding) - VALUES ($borrowernumber, $nextaccntno, now(), $payment, - 'Payment,thanks - $user', 'Pay', 0) - " ); + my $sth = $dbh->prepare("INSERT INTO accountlines + (borrowernumber, accountno, date, amount, + description, accounttype, amountoutstanding) + VALUES (?,?,now(),?,?,'Pay',0)"); + $sth->execute($borrowernumber, $nextaccntno, $payment, "Payment,thanks - $user"); # FIXME - The second argument to &UpdateStats is supposed to be the # branch code. # UpdateStats is now being passed $accountno too. MTJ UpdateStats( $user, 'payment', $amount, '', '', '', $borrowernumber, $accountno ); - $sth->finish; + #from perldoc: for SELECT only #$sth->finish; #check to see what accounttype if ( $data->{'accounttype'} eq 'Rep' || $data->{'accounttype'} eq 'L' ) { -- 2.39.5
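Review bot: The description bound in the added `execute`, `"Payment,thanks - $user"`, is now safe for SQL but still stores `$user` verbatim in `accountlines.description`. If `$user` can carry characters from request input (its origin is outside this hunk), whatever displays that column must HTML-escape it; a short comment such as `# $user is stored as-is; escape on output` would record this. The replacement for `$sth->finish` leaves commented-out code on the line `#from perldoc: for SELECT only #$sth->finish;`. I would drop the dead call and keep only the reason, e.g. `# finish() is only needed for SELECT handles; nothing to release here`. The body of `makepayment` starts and ends outside the hunk.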