From 7457de546a44fbdf8cc62e92e0aeaef2ec0a9975 Mon Sep 17 00:00:00 2001 From: tipaul Date: Mon, 12 Jan 2004 16:55:05 +0000 Subject: [PATCH] synch'ing with rel_2_0 version --- admin/aqbookfund.pl | 38 +++++++++++-------------- admin/branches.pl | 47 +++++++++++-------------------- admin/categorie.pl | 41 +++++++++------------------ admin/categoryitem.pl | 44 +++++++++-------------------- admin/charges.pl | 9 ++---- admin/currency.pl | 19 ++++++------- admin/itemtypes.pl | 18 +++++------- admin/koha2marclinks.pl | 9 +++--- admin/marc_subfields_structure.pl | 27 ++++++++---------- admin/marctagstructure.pl | 21 ++++++-------- admin/printers.pl | 32 +++++++++------------ admin/stopwords.pl | 21 ++++++-------- admin/z3950servers.pl | 23 ++++++--------- 13 files changed, 135 insertions(+), 214 deletions(-) diff --git a/admin/aqbookfund.pl b/admin/aqbookfund.pl index a577800ac1..29e626b37a 100755 --- a/admin/aqbookfund.pl +++ b/admin/aqbookfund.pl @@ -52,18 +52,15 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="select bookfundid,bookfundname,bookfundgroup from aqbookfund where (bookfundname like \"%$data[0]%\") order by bookfundid"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where (bookfundname like ?) order by bookfundid"); + $sth->execute("%$data[0]%"); my @results; - my $cnt=0; while (my $data=$sth->fetchrow_hashref){ push(@results,$data); - $cnt ++; } # $sth->execute; $sth->finish; - return ($cnt,\@results); + return (scalar(@results),\@results); } my $input = new CGI; 
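Review bot: The context line `$searchstring=~ s/\'/\\\'/g;` at the top of StringSearch is now a leftover from the string-built query it used to protect; with the value passed through `$sth->execute("%$data[0]%")` the driver does the quoting, so the inserted backslash reaches the LIKE pattern as data and only happens to be harmless because MySQL treats `\` as the LIKE escape character. It should be dropped here, and the same dead escaping line survives in every other StringSearch touched by this patch (categorie, categoryitem, itemtypes, marc_subfields_structure, marctagstructure, printers, stopwords). Separately, `%` and `_` typed by the user are still wildcards, and an empty search string leaves `$data[0]` undef so the pattern becomes `%%`; if literal matching is intended, `(my $term = $data[0] // '') =~ s/([%_\\])/\\$1/g;` before binding covers both. StringSearch's `sub` line precedes the hunk.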
@@ -102,8 +99,8 @@ if ($op eq 'add_form') { my $header; if ($bookfundid) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid='$bookfundid'"); - $sth->execute; + my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid=?"); + $sth->execute($bookfundid); $data=$sth->fetchrow_hashref; $sth->finish; } @@ -127,15 +124,11 @@ if ($op eq 'add_form') { } elsif ($op eq 'add_validate') { my $dbh = C4::Context->dbh; my $bookfundid=uc($input->param('bookfundid')); - my $query = "delete from aqbookfund where bookfundid ='$bookfundid'"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("delete from aqbookfund where bookfundid =?"); + $sth->execute($bookfundid); $sth->finish; - $query = "replace aqbookfund (bookfundid,bookfundname) values ("; - $query.= $dbh->quote($input->param('bookfundid')).","; - $query.= $dbh->quote($input->param('bookfundname')).")"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("replace aqbookfund (bookfundid,bookfundname) values (?,?)"); + $sth->execute($input->param('bookfundid'),$input->param('bookfundname')); $sth->finish; # END $OP eq ADD_VALIDATE ################## DELETE_CONFIRM ################################## @@ -146,8 +139,8 @@ if ($op eq 'add_form') { # $sth->execute; # my $total = $sth->fetchrow_hashref; # $sth->finish; - my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid='$bookfundid'"); - $sth->execute; + my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid=?"); + $sth->execute($bookfundid); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(bookfundid => $bookfundid); 
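Review bot: In add_validate, `$sth->execute($input->param('bookfundid'),$input->param('bookfundname'))` calls CGI's `param` in list context, so an absent `bookfundname` contributes no value (one bind for two placeholders) and a repeated parameter shifts the positions; the old `$dbh->quote(...)` form had the same trap but at least failed loudly on the SQL. The preceding delete also uses the uppercased `$bookfundid` while the replace stores the raw parameter, so the key that was just deleted is not necessarily the key that gets written. Binding the same value in scalar context fixes both: `$sth->execute($bookfundid, scalar $input->param('bookfundname'));` — assuming the fund id is meant to be stored uppercased, as both delete branches imply. The `execute` return is not checked, so unless the handle has RaiseError set a failed write still renders as success.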
@@ -158,10 +151,11 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirmed') { my $dbh = C4::Context->dbh; my $bookfundid=uc($input->param('bookfundid')); - my $query = "delete from aqbookfund where bookfundid='$bookfundid'"; - my $sth=$dbh->prepare($query); - $sth->execute; - $dbh->do("delete from aqbudget where bookfundid='$bookfundid'"); + my $sth=$dbh->prepare("delete from aqbookfund where bookfundid=?"); + $sth->execute($bookfundid); + $sth->finish; + $sth=$dbh->prepare("delete from aqbudget where bookfundid=?"); + $sth->execute($bookfundid); $sth->finish; # END $OP eq DELETE_CONFIRMED ################## DEFAULT ################################## diff --git a/admin/branches.pl b/admin/branches.pl index 49f198bb2f..42c3d66561 100755 --- a/admin/branches.pl +++ b/admin/branches.pl @@ -353,20 +353,17 @@ sub getbranchinfo { my ($branchcode) = @_; my $dbh = C4::Context->dbh; - my ($query, @query_args); + my $sth; if ($branchcode) { - $query = "Select * from branches where branchcode = ?"; - @query_args = ($branchcode); + $sth = $dbh->prepare("Select * from branches where branchcode = ? order by branchcode"); + $sth->execute($branchcode); } else { - $query = "Select * from branches"; + $sth = $dbh->prepare("Select * from branches order by branchcode"); + $sth->execute(); } - $query.=" order by branchcode"; - my $sth = $dbh->prepare($query); - $sth->execute(@query_args); my @results; while (my $data = $sth->fetchrow_hashref) { - $query = "select categorycode from branchrelations where branchcode = ?"; - my $nsth = $dbh->prepare($query); + my $nsth = $dbh->prepare("select categorycode from branchrelations where branchcode = ?"); $nsth->execute($data->{'branchcode'});; my @cats = (); while (my ($cat) = $nsth->fetchrow_array) { 
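Review bot: delete_confirmed removes the aqbookfund row first and the dependent aqbudget rows second with no transaction around them, so a failure of the second statement leaves budget rows pointing at a fund that no longer exists; whether the connection is in AutoCommit mode is not visible here, but nothing in the hunk guards against it. Deleting the child rows first, `delete from aqbudget where bookfundid=?` before `delete from aqbookfund where bookfundid=?`, keeps the database consistent on a partial failure, and wrapping the pair in `$dbh->begin_work ... $dbh->commit` is better still if the tables support it. Neither `execute` result is checked.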
@@ -385,17 +382,15 @@ sub getcategoryinfo { # returns a reference to an array of hashes containing branches, my ($catcode) = @_; my $dbh = C4::Context->dbh; - my ($query, @query_args); + my $sth; # print DEBUG "getcategoryinfo: entry: catcode=".cvs($catcode)."\n"; if ($catcode) { - $query = "select * from branchcategories where categorycode = ?"; - @query_args = ($catcode); + $sth = $dbh->prepare("select * from branchcategories where categorycode = ?"); + $sth->execute($catcode); } else { - $query = "Select * from branchcategories"; + $sth = $dbh->prepare("Select * from branchcategories"); + $sth->execute(); } - # print DEBUG "getcategoryinfo: query=".cvs($query)."\n"; - my $sth = $dbh->prepare($query); - $sth->execute(@query_args); my @results; while (my $data = $sth->fetchrow_hashref) { push(@results, $data); @@ -410,8 +405,7 @@ sub setbranchinfo { # sets the data from the editbranch form, and writes to the database... my ($data) = @_; my $dbh = C4::Context->dbh; - my $query = "replace branches (branchcode,branchname,branchaddress1,branchaddress2,branchaddress3,branchphone,branchfax,branchemail) values (?,?,?,?,?,?,?,?)"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("replace branches (branchcode,branchname,branchaddress1,branchaddress2,branchaddress3,branchphone,branchfax,branchemail) values (?,?,?,?,?,?,?,?)"); $sth->execute(uc($data->{'branchcode'}), $data->{'branchname'}, $data->{'branchaddress1'}, $data->{'branchaddress2'}, $data->{'branchaddress3'}, $data->{'branchphone'}, 
@@ -443,17 +437,13 @@ sub setbranchinfo { push(@addcats, $ccat); } } - # FIXME - There's already a $dbh in this scope. - my $dbh = C4::Context->dbh; foreach my $cat (@addcats) { - my $query = "insert into branchrelations (branchcode, categorycode) values(?, ?)"; - my $sth = $dbh->prepare($query); + my $sth = $dbh->prepare("insert into branchrelations (branchcode, categorycode) values(?, ?)"); $sth->execute($branchcode, $cat); $sth->finish; } foreach my $cat (@removecats) { - my $query = "delete from branchrelations where branchcode=? and categorycode=?"; - my $sth = $dbh->prepare($query); + my $sth = $dbh->prepare("delete from branchrelations where branchcode=? and categorycode=?"); $sth->execute($branchcode, $cat); $sth->finish; } @@ -462,9 +452,8 @@ sub setbranchinfo { sub deletebranch { # delete branch... my ($branchcode) = @_; - my $query = "delete from branches where branchcode = ?"; my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("delete from branches where branchcode = ?"); $sth->execute($branchcode); $sth->finish; } @@ -473,8 +462,7 @@ sub setcategoryinfo { # sets the data from the editbranch form, and writes to the database... my ($data) = @_; my $dbh = C4::Context->dbh; - my $query = "replace branchcategories (categorycode,categoryname,codedescription) values (?,?,?)"; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("replace branchcategories (categorycode,categoryname,codedescription) values (?,?,?)"); $sth->execute(uc($data->{'categorycode'}), $data->{'categoryname'},$data->{'codedescription'}); $sth->finish; @@ -482,9 +470,8 @@ sub setcategoryinfo { sub deletecategory { # delete branch... my ($categorycode) = @_; - my $query = "delete from branchcategories where categorycode = ?"; my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($query); + my $sth=$dbh->prepare("delete from branchcategories where categorycode = ?"); $sth->execute($categorycode); $sth->finish; } 
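Review bot: deletebranch removes the `branches` row but leaves the `branchrelations` rows that setbranchinfo (earlier in this same file) writes for that branchcode, so category membership survives the branch and getbranchinfo-style joins will see dangling codes. Adding `$dbh->do("delete from branchrelations where branchcode=?", undef, $branchcode);` before the branches delete closes that gap; deletecategory in the following hunk has the same shape and would want the matching `where categorycode=?` cleanup. If foreign keys enforce this at the schema level it is moot, but nothing visible suggests they do.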
diff --git a/admin/categorie.pl b/admin/categorie.pl index c3eec264b7..6bffa9da1a 100755 --- a/admin/categorie.pl +++ b/admin/categorie.pl @@ -51,18 +51,15 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select * from categories where (description like \"$data[0]%\")"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select * from categories where (description like ?)"); + $sth->execute("$data[0]%"); my @results; - my $cnt=0; while (my $data=$sth->fetchrow_hashref){ push(@results,$data); - $cnt ++; } # $sth->execute; $sth->finish; - return ($cnt,\@results); + return (scalar(@results),\@results); } my $input = new CGI; @@ -70,7 +67,6 @@ my $searchfield=$input->param('description'); my $script_name="/cgi-bin/koha/admin/categorie.pl"; my $categorycode=$input->param('categorycode'); my $op = $input->param('op'); -$searchfield=~ s/\,//g; my ($template, $loggedinuser, $cookie) = get_template_and_user({template_name => "parameters/categorie.tmpl", @@ -96,8 +92,8 @@ if ($op eq 'add_form') { my $data; if ($categorycode) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'"); - $sth->execute; + my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?"); + $sth->execute($categorycode); $data=$sth->fetchrow_hashref; $sth->finish; } 
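Review bot: StringSearch binds `"$data[0]%"`, which is correct for quoting but still lets `%` and `_` from the search box act as wildcards, and when the search string is empty or whitespace `split` returns nothing, `$data[0]` is undef and the pattern degenerates to `%` (plus an uninitialized-value warning if warnings are on). If the intent is a literal prefix match, `(my $prefix = $data[0] // '') =~ s/([%_\\])/\\$1/g;` and binding `"$prefix%"` handles both cases. The `s/\'/\\\'/g` context line above is a leftover from the interpolated query and should go with the change. The `sub StringSearch {` line precedes the hunk.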
@@ -116,18 +112,8 @@ if ($op eq 'add_form') { } elsif ($op eq 'add_validate') { $template->param(add_validate => 1); my $dbh = C4::Context->dbh; - my $query = "replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values ("; - $query.= $dbh->quote($input->param('categorycode')).","; - $query.= $dbh->quote($input->param('description')).","; - $query.= $dbh->quote($input->param('enrolmentperiod')).","; - $query.= $dbh->quote($input->param('upperagelimit')).","; - $query.= $dbh->quote($input->param('dateofbirthrequired')).","; - $query.= $dbh->quote($input->param('enrolmentfee')).","; - $query.= $dbh->quote($input->param('issuelimit')).","; - $query.= $dbh->quote($input->param('reservefee')).","; - $query.= $dbh->quote($input->param('overduenoticerequired')).")"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (?,?,?,?,?,?,?,?,?)"); + $sth->execute(map { $input->param($_) } ('categorycode','description','enrolmentperiod','upperagelimit','dateofbirthrequired','enrolmentfee','issuelimit','reservefee','overduenoticerequired')); $sth->finish; # END $OP eq ADD_VALIDATE ################## DELETE_CONFIRM ################################## 
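Review bot: `map { $input->param($_) } (...)` evaluates each `param` call in list context, where CGI returns an empty list for a parameter that is missing from the request and every value for one that is repeated, so a form that omits, say, `reservefee` produces eight binds for nine placeholders and a duplicated field shifts every column after it. Forcing scalar context restores one value per placeholder: `$sth->execute(map { scalar $input->param($_) } ('categorycode','description','enrolmentperiod','upperagelimit','dateofbirthrequired','enrolmentfee','issuelimit','reservefee','overduenoticerequired'));`. Since `add_validate => 1` is set before the write and the `execute` result is ignored, a bind-count failure would render as success unless RaiseError is on, which is not visible here.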
@@ -136,14 +122,14 @@ if ($op eq 'add_form') { $template->param(delete_confirm => 1); my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode='$categorycode'"); - $sth->execute; + my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode=?"); + $sth->execute($categorycode); my $total = $sth->fetchrow_hashref; $sth->finish; $template->param(total => $total->{'total'}); - my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'"); - $sth2->execute; + my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?"); + $sth2->execute($categorycode); my $data=$sth2->fetchrow_hashref; $sth2->finish; if ($total->{'total'} >0) { @@ -167,9 +153,8 @@ if ($op eq 'add_form') { $template->param(delete_confirmed => 1); my $dbh = C4::Context->dbh; my $categorycode=uc($input->param('categorycode')); - my $query = "delete from categories where categorycode='$categorycode'"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("delete from categories where categorycode=?"); + $sth->execute($categorycode); $sth->finish; # END $OP eq DELETE_CONFIRMED } else { # DEFAULT diff --git a/admin/categoryitem.pl b/admin/categoryitem.pl index ec44263831..0ba3caeafd 100644 --- a/admin/categoryitem.pl +++ b/admin/categoryitem.pl 
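Review bot: delete_confirmed deletes the category unconditionally; the categoryitem usage count that delete_confirm computes lives only on the confirmation page, so a request that goes straight to `op=delete_confirmed` removes a category that still has rules attached. Re-running the check server-side is one line plus a guard: `my ($in_use) = $dbh->selectrow_array("select count(*) as total from categoryitem where categorycode=?", undef, $categorycode);` and only executing the delete when `$in_use` is zero. Note also that delete_confirm queries the raw `$categorycode` while delete_confirmed uppercases it, so the row shown and the row deleted can differ on a case-sensitive collation.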
@@ -52,18 +52,15 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select * from categories where (description like \"$data[0]%\")"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select * from categories where (description like ?)"); + $sth->execute("$data[0]%"); my @results; - my $cnt=0; while (my $data=$sth->fetchrow_hashref){ push(@results,$data); - $cnt ++; } # $sth->execute; $sth->finish; - return ($cnt,\@results); + return (scalar(@results),\@results); } my $input = new CGI; @@ -95,8 +92,8 @@ if ($op eq 'add_form') { my $data; if ($categorycode) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'"); - $sth->execute; + my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?"); + $sth->execute($categorycode); $data=$sth->fetchrow_hashref; $sth->finish; } 
@@ -120,20 +117,8 @@ if ($op eq 'add_form') { } elsif ($op eq 'add_validate') { $template->param(add_validate => 1); my $dbh = C4::Context->dbh; - my $query = "replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values ("; - $query.= $dbh->quote($input->param('categorycode')).","; - $query.= $dbh->quote($input->param('description')).","; - $query.= $dbh->quote($input->param('enrolmentperiod')).","; - $query.= $dbh->quote($input->param('upperagelimit')).","; - $query.= $dbh->quote($input->param('dateofbirthrequired')).","; - $query.= $dbh->quote($input->param('finetype')).","; - $query.= $dbh->quote($input->param('bulk')).","; - $query.= $dbh->quote($input->param('enrolmentfee')).","; - $query.= $dbh->quote($input->param('issuelimit')).","; - $query.= $dbh->quote($input->param('reservefee')).","; - $query.= $dbh->quote($input->param('overduenoticerequired')).")"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (?,?,?,?,?,?,?,?,?,?,?)"); + $sth->execute(map {$input->param($_)} ('categorycode','description','enrolmentperiod','upperagelimit','dateofbirthrequired','finetype','bulk','enrolmentfee','issuelimit','reservefee','overduenoticerequired')); $sth->finish; print "data recorded"; print "
"; @@ -145,13 +130,13 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirm') { $template->param(delete_confirm => 1); my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode='$categorycode'"); - $sth->execute; + my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode=?"); + $sth->execute($categorycode); my $total = $sth->fetchrow_hashref; print "TOTAL : $categorycode : $total->{'total'}
"; $sth->finish; - my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'"); - $sth2->execute; + my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?"); + $sth2->execute($categorycode); my $data=$sth2->fetchrow_hashref; $sth2->finish; @@ -173,9 +158,8 @@ if ($op eq 'add_form') { $template->param(delete_confirmed => 1); my $dbh = C4::Context->dbh; my $categorycode=uc($input->param('categorycode')); - my $query = "delete from categories where categorycode='$categorycode'"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("delete from categories where categorycode=?"); + $sth->execute($categorycode); $sth->finish; # END $OP eq DELETE_CONFIRMED } else { # DEFAULT @@ -196,7 +180,7 @@ if ($op eq 'add_form') { overduenoticerequired => $results->[$i]{'overduenoticerequired'}, issuelimit => $results->[$i]{'issuelimit'}, reservefee => $results->[$i]{'reservefee'}, - toggle = $toggle ); + toggle => $toggle ); push @loop, \%row; if ( $toggle eq 'white' ) { diff --git a/admin/charges.pl b/admin/charges.pl index 090b938095..702ab0afa1 100755 --- a/admin/charges.pl +++ b/admin/charges.pl @@ -43,8 +43,7 @@ my ($template, $loggedinuser, $cookie) my $type=$input->param('type'); my $dbh = C4::Context->dbh; -my $query="Select description,categorycode from categories"; -my $sth=$dbh->prepare($query); +my $sth=$dbh->prepare("Select description,categorycode from categories"); $sth->execute; my @trow3; my @title_loop; 
@@ -56,8 +55,7 @@ while (my $data=$sth->fetchrow_hashref){ $i++; } $sth->finish; -$query="Select description,itemtype from itemtypes"; -$sth=$dbh->prepare($query); +$sth=$dbh->prepare("Select description,itemtype from itemtypes"); $sth->execute; $i=0; my $toggle="white"; @@ -71,8 +69,7 @@ while (my $data=$sth->fetchrow_hashref){ $toggle = 'white'; } for ($i=0;$i<9;$i++){ - $query="select * from categoryitem where categorycode=? and itemtype=?"; - my $sth2=$dbh->prepare($query); + my $sth2=$dbh->prepare("select * from categoryitem where categorycode=? and itemtype=?"); $sth2->execute($trow3[$i],$data->{'itemtype'}); my $dat=$sth2->fetchrow_hashref; $sth2->finish; diff --git a/admin/currency.pl b/admin/currency.pl index 954e74a54d..a7cf6066fc 100755 --- a/admin/currency.pl +++ b/admin/currency.pl @@ -68,9 +68,6 @@ sub StringSearch { my $input = new CGI; my $searchfield=$input->param('searchfield'); -my $pkfield="currency"; -my $reqsel="select currency,rate from currency where $pkfield='$searchfield'"; -my $reqdel="delete from currency where $pkfield='$searchfield'"; #my $branchcode=$input->param('branchcode'); my $offset=$input->param('offset'); my $script_name="/cgi-bin/koha/admin/currency.pl"; @@ -100,8 +97,8 @@ if ($op eq 'add_form') { my $data; if ($searchfield) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select currency,rate from currency where currency='$searchfield'"); - $sth->execute; + my $sth=$dbh->prepare("select currency,rate from currency where currency=?"); + $sth->execute($searchfield); $data=$sth->fetchrow_hashref; $sth->finish; } 
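Review bot: The inner loop `for ($i=0;$i<9;$i++)` binds `$trow3[$i]` for a fixed nine slots, so with fewer than nine categories the remaining iterations bind undef (`categorycode=NULL` matches nothing, silently) and with more than nine the extras are never charged. Iterating the actual list, `for my $i (0 .. $#trow3) {`, follows the data instead of the constant; the loop body and the template it feeds continue outside the hunk, so the column count there would need to match. This predates the patch but sits in the line being rewritten.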
@@ -137,12 +134,12 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirm') { $template->param(delete_confirm => 1); my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select count(*) as total from aqbooksellers where currency='$searchfield'"); - $sth->execute; + my $sth=$dbh->prepare("select count(*) as total from aqbooksellers where currency=?"); + $sth->execute($searchfield); my $total = $sth->fetchrow_hashref; $sth->finish; - my $sth2=$dbh->prepare($reqsel); - $sth2->execute; + my $sth2=$dbh->prepare("select currency,rate from currency where currency=?"); + $sth2->execute($searchfield); my $data=$sth2->fetchrow_hashref; $sth2->finish; @@ -158,8 +155,8 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirmed') { $template->param(delete_confirmed => 1); my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqdel); - $sth->execute; + my $sth=$dbh->prepare("delete from currency where currency=?"); + $sth->execute($searchfield); $sth->finish; # END $OP eq DELETE_CONFIRMED ################## DEFAULT ################################## diff --git a/admin/itemtypes.pl b/admin/itemtypes.pl index 496966e240..bb7a7fb78f 100755 --- a/admin/itemtypes.pl +++ b/admin/itemtypes.pl @@ -53,18 +53,15 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select * from itemtypes where (description like \"$data[0]%\") order by itemtype"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select * from itemtypes where (description like ?) order by itemtype"); + $sth->execute("$data[0]%"); my @results; - my $cnt=0; while (my $data=$sth->fetchrow_hashref){ push(@results,$data); - $cnt ++; } # $sth->execute; $sth->finish; - return ($cnt,\@results); + return (scalar(@results),\@results); } my $input = new CGI; 
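Review bot: delete_confirmed issues `delete from currency where currency=?` without re-checking the aqbooksellers count that delete_confirm computes two hunks above, so the in-use check can be bypassed by submitting `op=delete_confirmed` directly and vendors are left referencing a currency that no longer exists. Repeating the count here, `my ($in_use) = $dbh->selectrow_array("select count(*) from aqbooksellers where currency=?", undef, $searchfield);`, and skipping the delete when it is non-zero keeps the confirmation page an optimization rather than the only guard. The branch that reacts to `$total` on the confirm page is outside the hunk.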
@@ -99,8 +96,8 @@ if ($op eq 'add_form') { my $data; if ($itemtype) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select itemtype,description,loanlength,renewalsallowed,rentalcharge from itemtypes where itemtype='$itemtype'"); - $sth->execute; + my $sth=$dbh->prepare("select itemtype,description,loanlength,renewalsallowed,rentalcharge from itemtypes where itemtype=?"); + $sth->execute($itemtype); $data=$sth->fetchrow_hashref; $sth->finish; } @@ -164,9 +161,8 @@ if ($op eq 'add_form') { #start the page and read in includes my $dbh = C4::Context->dbh; my $itemtype=uc($input->param('itemtype')); - my $query = "delete from itemtypes where itemtype='$itemtype'"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("delete from itemtypes where itemtype=?"); + $sth->execute($itemtype); $sth->finish; print "Content-Type: text/html\n\n"; exit; diff --git a/admin/koha2marclinks.pl b/admin/koha2marclinks.pl index d59c2cea79..56e0cf9744 100755 --- a/admin/koha2marclinks.pl +++ b/admin/koha2marclinks.pl @@ -63,8 +63,8 @@ if ($op eq 'add_form') { my ($defaulttagfield, $defaulttagsubfield,$defaultliblibrarian) = $sth->fetchrow; for (my $i=0;$i<=9;$i++) { - my $sth2=$dbh->prepare("select tagfield,tagsubfield,liblibrarian as lib,tab from marc_subfield_structure where tagfield like '$i%'"); - $sth2->execute; + my $sth2=$dbh->prepare("select tagfield,tagsubfield,liblibrarian as lib,tab from marc_subfield_structure where tagfield like ?"); + $sth2->execute("$i%"); my @marcarray; push @marcarray," "; while (my ($field, $tagsubfield, $liblibrarian) = $sth2->fetchrow_array) { 
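Review bot: itemtypes' delete_confirmed runs the delete with no `demo` guard, whereas marc_subfields_structure.pl and marctagstructure.pl in this same patch wrap their deletes in `unless (C4::Context->config('demo') eq 1) { ... }`; if the demo flag is meant to make the admin screens read-only it should apply here too. The handler then prints a bare `Content-Type: text/html` header and exits, which returns an empty page with no session cookie re-issued and no redirect back to the list — presumably not the intended UX, though the surrounding flow is outside the hunk. The `execute` result is unchecked.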
@@ -105,8 +105,9 @@ if ($op eq 'add_form') { $fields{$kohafield}->{tagsubfield} = $tagsubfield; $fields{$kohafield}->{liblibrarian} = $liblibrarian; } - my $sth2=$dbh->prepare("SHOW COLUMNS from $tablename"); - $sth2->execute; + #XXX: This might not work. Maybe should use a DBI call instead of SHOW COLUMNS + my $sth2=$dbh->prepare("SHOW COLUMNS from ?"); + $sth2->execute($tablename); my $toggle="white"; my @loop_data = (); diff --git a/admin/marc_subfields_structure.pl b/admin/marc_subfields_structure.pl index 712f7176db..bf3483010c 100755 --- a/admin/marc_subfields_structure.pl +++ b/admin/marc_subfields_structure.pl @@ -33,9 +33,8 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where (tagfield like \"$searchstring%\") order by tagfield"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where (tagfield like ?) order by tagfield"); + $sth->execute("$searchstring%"); my @results; my $cnt=0; while (my $data=$sth->fetchrow_hashref){ @@ -52,8 +51,6 @@ my $input = new CGI; my $tagfield=$input->param('tagfield'); my $tagsubfield=$input->param('tagsubfield'); my $pkfield="tagfield"; -my $reqsel="select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield='$tagfield' and tagsubfield='$tagsubfield'"; -my $reqdel="delete from marc_subfield_structure where tagfield='$tagfield' and tagsubfield='$tagsubfield'"; my $offset=$input->param('offset'); my $script_name="/cgi-bin/koha/admin/marc_subfields_structure.pl"; 
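Review bot: `SHOW COLUMNS from ?` will not work: a bind placeholder can only stand for a value, not a table identifier, so MySQL rejects the statement at prepare or execute time and this page stops listing columns — the added `#XXX` comment concedes as much. Where `$tablename` comes from is outside the hunk; if it is request-controlled it must be checked against the fixed set of Koha tables this screen is meant to expose (or `$dbh->tables`), and then the identifier can be spliced in safely with `my $sth2=$dbh->prepare("SHOW COLUMNS from ".$dbh->quote_identifier($tablename)); $sth2->execute;`. DBI's `$dbh->column_info` is the portable alternative, but its row layout differs from SHOW COLUMNS and the fetch loop below the hunk would need adjusting.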
@@ -140,8 +137,8 @@ if ($op eq 'add_form') { closedir DIR; # build values list - my $sth=$dbh->prepare("select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield='$tagfield'"); # and tagsubfield='$tagsubfield'"); - $sth->execute; + my $sth=$dbh->prepare("select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield=?"); # and tagsubfield='$tagsubfield'"); + $sth->execute($tagfield); my @loop_data = (); my $toggle="white"; my $i=0; @@ -163,7 +160,7 @@ if ($op eq 'add_form') { -size=>1, -multiple=>0, ); - $row_data{tagsubfield} =$data->{'tagsubfield'}."{'tagsubfield'}."\" />"; + $row_data{tagsubfield} =$data->{'tagsubfield'}.""; $row_data{liblibrarian} = CGI::escapeHTML($data->{'liblibrarian'}); $row_data{libopac} = CGI::escapeHTML($data->{'libopac'}); $row_data{kohafield}= CGI::scrolling_list( -name=>"kohafield", @@ -211,7 +208,7 @@ if ($op eq 'add_form') { -size=>1, -multiple=>0, ); - $row_data{tagsubfield} = "{'tagsubfield'}."\" size=\"3\" maxlength=\"1\" />"; + $row_data{tagsubfield} = "{'tagsubfield'}."\" size=\"3\" maxlength=\"1\">"; $row_data{liblibrarian} = ""; $row_data{libopac} = ""; $row_data{repeatable} = CGI::checkbox('repeatable','',1,''); @@ -236,7 +233,7 @@ if ($op eq 'add_form') { push(@loop_data, \%row_data); } $template->param(action => "Edit subfields", - tagfield => "$tagfield", + tagfield => "$tagfield", loop => \@loop_data, more_subfields => $more_subfields, more_tag => $tagfield); 
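Review bot: In the `@@ -163` hunk the new `$row_data{tagsubfield}` is built by concatenating `$data->{'tagsubfield'}` into markup, while the neighbouring `liblibrarian` and `libopac` values on the very next lines go through `CGI::escapeHTML`; the subfield value should get the same treatment, `CGI::escapeHTML($data->{'tagsubfield'})`, wherever it is placed in an attribute. The markup itself is mangled in this copy of the diff (tags stripped), so exact placement is hard to judge, but the change from `/>` to `>` in the `@@ -211` hunk suggests a deliberate XHTML→HTML switch that is not mentioned in the commit message. The stale `# and tagsubfield='$tagsubfield'");` trailer left on the prepare line in the first hunk should go now that the statement is parameterized.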
@@ -295,8 +292,8 @@ if ($op eq 'add_form') { # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqsel); - $sth->execute; + my $sth=$dbh->prepare("select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield=? and tagsubfield=?"); + $sth->execute($tagfield,$tagsubfield); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(liblibrarian => $data->{'liblibrarian'}, @@ -311,8 +308,8 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirmed') { my $dbh = C4::Context->dbh; unless (C4::Context->config('demo') eq 1) { - my $sth=$dbh->prepare($reqdel); - $sth->execute; + my $sth=$dbh->prepare("delete from marc_subfield_structure where tagfield=? and tagsubfield=?"); + $sth->execute($tagfield,$tagsubfield); $sth->finish; } print "Content-Type: text/html\n\n"; @@ -347,7 +344,7 @@ if ($op eq 'add_form') { push(@loop_data, \%row_data); } $template->param(loop => \@loop_data); - $template->param(edit => ""); + $template->param(edit => ""); if ($offset>0) { my $prevpage = $offset-$pagesize; $template->param(prev =>""); diff --git a/admin/marctagstructure.pl b/admin/marctagstructure.pl index c6a1ad95d2..2564e85e4b 100755 --- a/admin/marctagstructure.pl +++ b/admin/marctagstructure.pl 
@@ -34,25 +34,20 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where (tagfield >= $data[0]) order by tagfield"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("Select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where (tagfield >= ?) order by tagfield"); + $sth->execute($data[0]); my @results; - my $cnt=0; while (my $data=$sth->fetchrow_hashref){ push(@results,$data); - $cnt ++; } # $sth->execute; $sth->finish; - return ($cnt,\@results); + return (scalar(@results),\@results); } my $input = new CGI; my $searchfield=$input->param('searchfield'); $searchfield=0 unless $searchfield; -my $pkfield="tagfield"; -my $reqsel="select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where $pkfield='$searchfield'"; my $offset=$input->param('offset'); my $script_name="/cgi-bin/koha/admin/marctagstructure.pl"; @@ -84,8 +79,8 @@ if ($op eq 'add_form') { #---- if primkey exists, it's a modify action, so read values to modify... my $data; if ($searchfield) { - my $sth=$dbh->prepare("select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where $pkfield='$searchfield'"); - $sth->execute; + my $sth=$dbh->prepare("select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where tagfield=?"); + $sth->execute($searchfield); $data=$sth->fetchrow_hashref; $sth->finish; } 
@@ -145,8 +140,8 @@ if ($op eq 'add_form') { # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare($reqsel); - $sth->execute; + my $sth=$dbh->prepare("select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where tagfield=?"); + $sth->execute($searchfield); my $data=$sth->fetchrow_hashref; $sth->finish; $template->param(liblibrarian => $data->{'liblibrarian'}, @@ -158,7 +153,7 @@ if ($op eq 'add_form') { } elsif ($op eq 'delete_confirmed') { my $dbh = C4::Context->dbh; unless (C4::Context->config('demo') eq 1) { - $dbh->do("delete from marc_tag_structure where $pkfield='$searchfield'"); + $dbh->do("delete from marc_tag_structure where tagfield='$searchfield'"); $dbh->do("delete from marc_subfield_structure where tagfield='$searchfield'"); } # END $OP eq DELETE_CONFIRMED diff --git a/admin/printers.pl b/admin/printers.pl index 3ec21ef337..dd0506dba7 100755 --- a/admin/printers.pl +++ b/admin/printers.pl @@ -52,9 +52,9 @@ sub StringSearch { $searchstring=~ s/\'/\\\'/g; my @data=split(' ',$searchstring); my $count=@data; - my $query="Select printername,printqueue,printtype from printers where (printername like \"$data[0]%\") order by printername"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $query=""; + my $sth=$dbh->prepare("Select printername,printqueue,printtype from printers where (printername like ?) order by printername"); + $sth->execute("$data[0]%"); my @results; my $cnt=0; while (my $data=$sth->fetchrow_hashref){ 
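Review bot: delete_confirmed is the one place this patch leaves string-built SQL: both `$dbh->do("delete from marc_tag_structure where tagfield='$searchfield'")` and the marc_subfield_structure line below it still interpolate `$searchfield`, a request parameter, so a value containing a quote alters the statement (the change only swapped `$pkfield` for the literal column name). `do` accepts binds directly: `$dbh->do("delete from marc_tag_structure where tagfield=?", undef, $searchfield);` and `$dbh->do("delete from marc_subfield_structure where tagfield=?", undef, $searchfield);`. As with the other deletes, the two statements are not in a transaction and their results are unchecked.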
@@ -68,9 +68,9 @@ sub StringSearch { my $input = new CGI; my $searchfield=$input->param('searchfield'); -my $pkfield="printername"; -my $reqsel="select printername,printqueue,printtype from printers where $pkfield='$searchfield'"; -my $reqdel="delete from printers where $pkfield='$searchfield'"; +my $pkfield=""; +my $reqsel=""; +my $reqdel=""; #my $branchcode=$input->param('branchcode'); my $offset=$input->param('offset'); my $script_name="/cgi-bin/koha/admin/printers.pl"; @@ -102,8 +102,8 @@ if ($op eq 'add_form') { my $data; if ($searchfield) { my $dbh = C4::Context->dbh; - my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername='$searchfield'"); - $sth->execute; + my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=?"); + $sth->execute($searchfield); $data=$sth->fetchrow_hashref; $sth->finish; } @@ -116,12 +116,8 @@ if ($op eq 'add_form') { } elsif ($op eq 'add_validate') { $template->param(add_validate => 1); my $dbh = C4::Context->dbh; - my $query = "replace printers (printername,printqueue,printtype) values ("; - $query.= $dbh->quote($input->param('printername')).","; - $query.= $dbh->quote($input->param('printqueue')).","; - $query.= $dbh->quote($input->param('printtype')).")"; - my $sth=$dbh->prepare($query); - $sth->execute; + my $sth=$dbh->prepare("replace printers (printername,printqueue,printtype) values (?,?,?)"); + $sth->execute($input->param('printername'),$input->param('printqueue'),$input->param('printtype')); $sth->finish; # END $OP eq ADD_VALIDATE ################## DELETE_CONFIRM ################################## 
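Review bot: The `$pkfield`, `$reqsel` and `$reqdel` variables are kept as empty strings here instead of being removed, unlike currency.pl, stopwords.pl and marc_subfields_structure.pl in this same patch, and nothing in the visible hunks reads them any more; the same applies to the `my $query="";` left in StringSearch. Deleting the three lines keeps the file consistent with its siblings and avoids a dead variable that invites someone to put interpolated SQL back into it.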
@@ -129,8 +125,8 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'delete_confirm') {
  $template->param(delete_confirm => 1);
  my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=");
+ $sth->execute($searchfield);
  my $data=$sth->fetchrow_hashref;
  $sth->finish;
  $template->param(printqueue => $data->{'printqueue'},
@@ -143,8 +139,8 @@ if ($op eq 'add_form') {
  $template->param(delete_confirmed => 1);
  my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from printers where printername=?");
+ $sth->execute($searchfield);
  $sth->finish;
 # END $OP eq DELETE_CONFIRMED
 ################## DEFAULT ##################################
diff --git a/admin/stopwords.pl b/admin/stopwords.pl
index 10b2833eb2..75b45d838b 100755
--- a/admin/stopwords.pl
+++ b/admin/stopwords.pl
@@ -52,9 +52,9 @@ sub StringSearch {
  $searchstring=~ s/\'/\\\'/g;
  my @data=split(' ',$searchstring);
  my $count=@data;
- my $query="Select word from stopwords where (word like \"$data[0]%\") order by word";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $query="";
+ my $sth=$dbh->prepare("Select word from stopwords where (word like ?) order by word");
+ $sth->execute("$data[0]%");
  my @results;
  my $cnt=0;
  while (my $data=$sth->fetchrow_hashref){
@@ -68,9 +68,6 @@ sub StringSearch {
 my $input = new CGI;
 my $searchfield=$input->param('searchfield');
-my $pkfield="word";
-my $reqsel="select word from stopwords where $pkfield='$searchfield'";
-my $reqdel="delete from stopwords where $pkfield='$searchfield'";
 my $offset=$input->param('offset');
 my $script_name="/cgi-bin/koha/admin/stopwords.pl";
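Review bot: The new prepare text `"select printername,printqueue,printtype from printers where printername="` has no `?` placeholder, yet the next line calls `$sth->execute($searchfield)` with one bind value; the statement is incomplete and the bind count does not match what was prepared, so the delete_confirm branch cannot fetch the row it then hands to `$template->param`. The line should be `my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=?");`, matching the `delete_confirmed` hunk just below it. The `elsif ($op eq 'delete_confirm')` block continues past the end of the hunk.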
@@ -99,8 +96,8 @@ if ($op eq 'add_form') {
  my $data;
  if ($searchfield) {
  my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select word from stopwords where word='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select word from stopwords where word=?");
+ $sth->execute($searchfield);
  $data=$sth->fetchrow_hashref;
  $sth->finish;
  }
@@ -123,8 +120,8 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'delete_confirm') {
  $template->param(delete_confirm => 1);
  my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select word from stopwords where word=?");
+ $sth->execute($searchfield);
  my $data=$sth->fetchrow_hashref;
  $sth->finish;
 # END $OP eq DELETE_CONFIRM
@@ -133,8 +130,8 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'delete_confirmed') {
  $template->param(delete_confirmed => 1);
  my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from stopwords where word=?");
+ $sth->execute($searchfield);
  $sth->finish;
 # END $OP eq DELETE_CONFIRMED
 ################## DEFAULT ##################################
diff --git a/admin/z3950servers.pl b/admin/z3950servers.pl
index b63807dde2..838e32767c 100755
--- a/admin/z3950servers.pl
+++ b/admin/z3950servers.pl
@@ -35,25 +35,20 @@ sub StringSearch {
  $searchstring=~ s/\'/\\\'/g;
  my @data=split(' ',$searchstring);
  my $count=@data;
- my $query="Select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name like \"$data[0]\%\") order by rank,name";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name like ?) order by rank,name");
+ $sth->execute("$data[0]\%");
  my @results;
- my $cnt=0;
  while (my $data=$sth->fetchrow_hashref) {
  push(@results,$data);
- $cnt ++;
  }
 # $sth->execute;
  $sth->finish;
  $dbh->disconnect;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
 }
 my $input = new CGI;
 my $searchfield=$input->param('searchfield');
-my $reqsel="select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = '$searchfield') order by rank,name";
-my $reqdel="delete from z3950servers where name='$searchfield'";
 my $offset=$input->param('offset');
 my $script_name="/cgi-bin/koha/admin/z3950servers.pl";
@@ -83,8 +78,8 @@ if ($op eq 'add_form') {
  my $data;
  if ($searchfield) {
  my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = '$searchfield') order by rank,name");
- $sth->execute;
+ my $sth=$dbh->prepare("select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = ?) order by rank,name");
+ $sth->execute($searchfield);
  $data=$sth->fetchrow_hashref;
  $sth->finish;
  }
@@ -138,8 +133,8 @@ if ($op eq 'add_form') {
  $template->param(delete_confirm => 1);
  my $dbh = C4::Context->dbh;
- my $sth2=$dbh->prepare($reqsel);
- $sth2->execute;
+ my $sth2=$dbh->prepare("select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = ?) order by rank,name");
+ $sth2->execute($searchfield);
  my $data=$sth2->fetchrow_hashref;
  $sth2->finish;
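Review bot: In the new `$sth->execute("$data[0]\%")`, the backslash before `%` is a no-op inside a double-quoted string, so the bind value is simply `$data[0]` followed by `%`; the printers.pl and stopwords.pl StringSearch hunks write the same thing as `"$data[0]%"`, and using that form here keeps the three files consistent and avoids a reader wondering what the escape protects against. Separately, the context line `$dbh->disconnect;` closes the handle obtained from `C4::Context->dbh` inside StringSearch while the later hunks of this file fetch the handle again; whether that handle is shared with other callers is not visible here, so I only flag it as worth confirming. StringSearch starts outside this hunk; its closing brace is inside it.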
@@ -157,8 +152,8 @@ if ($op eq 'add_form') {
 } elsif ($op eq 'delete_confirmed') {
  $template->param(delete_confirmed => 1);
  my $dbh=C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from z3950servers where name=?");
+ $sth->execute($searchfield);
  $sth->finish;
 # END $OP eq DELETE_CONFIRMED
 ################## DEFAULT ##################################
-- 
2.39.5