From 8b3c9e3ef975c72fb025930d58358d3564cb0aac Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A8re=20S=C3=A9bastien=20Marie?=
Date: Sun, 27 Feb 2011 15:36:12 +0100
Subject: [PATCH] Bug 6452: Use placeholders in sql
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Frère Sébastien Marie
Signed-off-by: Chris Cormack
---
 C4/Acquisition.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm
index e431bd20d7..45c1948974 100644
--- a/C4/Acquisition.pm
+++ b/C4/Acquisition.pm
@@ -1352,8 +1352,9 @@ sub GetParcels {
 sum(quantity) AS itemsexpected, sum(quantityreceived) AS itemsreceived FROM aqorders LEFT JOIN aqbasket ON aqbasket.basketno = aqorders.basketno
- WHERE aqbasket.booksellerid = $bookseller and datereceived IS NOT NULL
+ WHERE aqbasket.booksellerid = ? and datereceived IS NOT NULL
 ";
+ push @query_params, $bookseller;
 if ( defined $code ) { $strsth .= ' and aqorders.booksellerinvoicenumber like ? ';
--
2.39.5
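Review bot: The added `push @query_params, $bookseller;` is only correct while `@query_params` is declared and still empty above this point, because the bookseller `?` is the first placeholder in `$strsth` and the `like ?` value in the `if ( defined $code )` branch is bound after it. That declaration is outside the hunk, so it should be confirmed. A short comment such as `# bind values must be pushed in the same order as the ? placeholders in $strsth` would keep later edits from misaligning them. GetParcels continues past the hunk; if any other argument is still interpolated into `$strsth` there, it needs the same treatment, and values used as identifiers (a sort column, for instance) cannot be bound and would need an allowlist instead.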