
[Koha-cvs] CVS: koha/C4 Maintainance.pm,1.11,1.12


From: MJ Ray
Subject: [Koha-cvs] CVS: koha/C4 Maintainance.pm,1.11,1.12
Date: Tue, 02 Dec 2003 18:19:27 -0800

Update of /cvsroot/koha/koha/C4
In directory sc8-pr-cvs1:/tmp/cvs-serv21763/C4

Modified Files:
        Maintainance.pm 
Log Message:
fixes for bug 662, securing prepare

Index: Maintainance.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Maintainance.pm,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** Maintainance.pm     13 Oct 2002 11:35:17 -0000      1.11
--- Maintainance.pm     3 Dec 2003 02:19:25 -0000       1.12
***************
*** 80,92 ****
    my ($sub,$num,$offset)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $query="Select * from bibliosubject where subject like '$sub%' group by 
subject";
    # FIXME - Make $num and $offset optional.
    # If $num was given, make sure $offset was, too.
    if ($num != 0){
!     $query.=" limit $offset,$num";
    }
    my $sth=$dbh->prepare($query);
  #  print $query;
!   $sth->execute;
    my @results;
    my $i=0;
--- 80,94 ----
    my ($sub,$num,$offset)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $query="Select * from bibliosubject where subject like '?%' group by 
subject";
!   my @bind = ($sub);
    # FIXME - Make $num and $offset optional.
    # If $num was given, make sure $offset was, too.
    if ($num != 0){
!     $query.=" limit ?,?";
!     push(@bind,$offset,$num);
    }
    my $sth=$dbh->prepare($query);
  #  print $query;
!   $sth->execute(@bind);
    my @results;
    my $i=0;
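Review bot: The `?` inside the quoted literal `like '?%'` on the new side is not a placeholder — DBI treats text inside quotes as literal — so the statement has no bind slot and `$sth->execute(@bind)` fails with a bind-count mismatch (or, with a driver that does not check, searches for subjects beginning with a literal `?`). Use a bare placeholder and put the wildcard into the bound value: `my $query="Select * from bibliosubject where subject like ? group by subject";` and `my @bind = ("$sub%");`. The same defect is in the `deletedbiblio` query of the 158,163 hunk, which needs `like ?` with `$sth->execute("$title%")`. Note that `%` and `_` inside $sub stay LIKE wildcards even when bound, so escape them before binding if a prefix match on the raw text is intended, and the `limit ?,?` binding may need explicit integer typing depending on the driver's quoting of bind values. The enclosing sub's signature is outside the hunk.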
***************
*** 113,120 ****
    $sub=$dbh->quote($sub);
    $oldsub=$dbh->quote($oldsub);
!   # FIXME - Just use $dbh->do();
!   my $query="update bibliosubject set subject=$sub where subject=$oldsub";
!   my $sth=$dbh->prepare($query);
!   $sth->execute;
    $sth->finish;
  }
--- 115,120 ----
    $sub=$dbh->quote($sub);
    $oldsub=$dbh->quote($oldsub);
!   my $sth=$dbh->prepare("update bibliosubject set subject=? where subject=?");
!   $sth->execute($sub,$oldsub);
    $sth->finish;
  }
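Review bot: The two `$dbh->quote` calls kept above the new `prepare` now double-quote the values: each bind value arrives already wrapped in quotes and escaped, so the UPDATE stores a subject with literal surrounding quotes and the `where subject=?` clause compares against the quoted form of $oldsub and matches no row. With placeholders the driver does the quoting itself, so drop the two lines `$sub=$dbh->quote($sub);` and `$oldsub=$dbh->quote($oldsub);` and bind the raw values. The enclosing sub's signature is outside the hunk.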
***************
*** 133,145 ****
    my ($bib,$bi)address@hidden;
    my $dbh = C4::Context->dbh;
!   # FIXME - Just use $dbh->do();
!   my $query="update biblioitems set biblionumber=$bib where 
biblioitemnumber=$bi";
!   my $sth=$dbh->prepare($query);
!   $sth->execute;
    $sth->finish;
!   # FIXME - Just use $dbh->do();
!   $query="update items set biblionumber=$bib where biblioitemnumber=$bi";
!   $sth=$dbh->prepare($query);
!   $sth->execute;
    $sth->finish;
  }
--- 133,142 ----
    my ($bib,$bi)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $sth=$dbh->prepare("update biblioitems set biblionumber=? where 
biblioitemnumber=?");
!   $sth->execute($bib,$bi);
    $sth->finish;
!   $query="";
!   $sth=$dbh->prepare("update items set biblionumber=? where 
biblioitemnumber=?");
!   $sth->execute($bib,$bi);
    $sth->finish;
  }
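Review bot: The new line `$query="";` assigns to a variable this version no longer declares (the `my $query` it replaced was removed), so under `use strict` it is a compile error and otherwise a dead write to a package global. Delete the line; the second `prepare` already receives its SQL directly. Whether the file enables strict is not visible here, so the severity is hedged. The enclosing sub's signature is outside the hunk.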
***************
*** 161,167 ****
    my ($title)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $query="Select * from deletedbiblio where title like '$title%' order by 
title";
!   my $sth=$dbh->prepare($query);
!   $sth->execute;
    my @results;
    my $i=0;
--- 158,163 ----
    my ($title)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $sth=$dbh->prepare("Select * from deletedbiblio where title like '?%' 
order by title");
!   $sth->execute($title);
    my @results;
    my $i=0;
***************
*** 187,211 ****
    my ($bib)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $query="select * from deletedbiblio where biblionumber=$bib";
!   my $sth=$dbh->prepare($query);
!   $sth->execute;
    if (my @data=$sth->fetchrow_array){
      $sth->finish;
      # FIXME - Doesn't this keep the same biblionumber? Isn't this
      # forbidden by the definition of 'biblio'? Or doesn't it matter?
!     $query="Insert into biblio values (";
!     foreach my $temp (@data){
!       $temp=~ s/\'/\\\'/g;
!       $query .= "'$temp',";
!     }
      $query=~ s/\,$/\)/;
      #   print $query;
      $sth=$dbh->prepare($query);
!     $sth->execute;
      $sth->finish;
    }
!   $query="Delete from deletedbiblio where biblionumber=$bib";
!   $sth=$dbh->prepare($query);
!   $sth->execute;
    $sth->finish;
  }
--- 183,202 ----
    my ($bib)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $sth=$dbh->prepare("select * from deletedbiblio where biblionumber=?");
!   $sth->execute($bib);
    if (my @data=$sth->fetchrow_array){
      $sth->finish;
      # FIXME - Doesn't this keep the same biblionumber? Isn't this
      # forbidden by the definition of 'biblio'? Or doesn't it matter?
!     my $query="Insert into biblio values (";
!     $query .= ("?," x $#data);
      $query=~ s/\,$/\)/;
      #   print $query;
      $sth=$dbh->prepare($query);
!     $sth->execute(@data);
      $sth->finish;
    }
!   $sth=$dbh->prepare("Delete from deletedbiblio where biblionumber=?");
!   $sth->execute($bib);
    $sth->finish;
  }
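Review bot: `("?," x $#data)` emits one placeholder fewer than `@data` has elements, because `$#data` is the last index rather than the count, so `$sth->execute(@data)` supplies one bind value too many and DBI rejects the statement; for a single-column row the repeat count is 0, the trailing-comma substitution finds nothing, and the SQL is left with an unclosed parenthesis. Build the placeholder list from the element count instead: `my $query = "Insert into biblio values (" . join(",", ("?") x @data) . ")";` and delete the `$query=~ s/\,$/\)/;` line. The enclosing sub's signature is outside the hunk.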
***************
*** 223,229 ****
    my ($bi,$type)address@hidden;
    my $dbh = C4::Context->dbh;
!   # FIXME - Use $dbh->do(...);
!   my $sth=$dbh->prepare("Update biblioitems set itemtype='$type' where 
biblioitemnumber=$bi");
!   $sth->execute;
    $sth->finish;
  }
--- 214,219 ----
    my ($bi,$type)address@hidden;
    my $dbh = C4::Context->dbh;
!   my $sth=$dbh->prepare("Update biblioitems set itemtype=? where 
biblioitemnumber=?");
!   $sth->execute($type,$bi);
    $sth->finish;
  }



