[Koha-cvs] CVS: koha/C4 Maintainance.pm,1.11,1.12
From: |
MJ Ray |
Subject: |
[Koha-cvs] CVS: koha/C4 Maintainance.pm,1.11,1.12 |
Date: |
Tue, 02 Dec 2003 18:19:27 -0800 |
Update of /cvsroot/koha/koha/C4
In directory sc8-pr-cvs1:/tmp/cvs-serv21763/C4
Modified Files:
Maintainance.pm
Log Message:
fixes for bug 662, securing prepare
Index: Maintainance.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Maintainance.pm,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** Maintainance.pm 13 Oct 2002 11:35:17 -0000 1.11
--- Maintainance.pm 3 Dec 2003 02:19:25 -0000 1.12
***************
*** 80,92 ****
my ($sub,$num,$offset)address@hidden;
my $dbh = C4::Context->dbh;
! my $query="Select * from bibliosubject where subject like '$sub%' group by
subject";
# FIXME - Make $num and $offset optional.
# If $num was given, make sure $offset was, too.
if ($num != 0){
! $query.=" limit $offset,$num";
}
my $sth=$dbh->prepare($query);
# print $query;
! $sth->execute;
my @results;
my $i=0;
--- 80,94 ----
my ($sub,$num,$offset)address@hidden;
my $dbh = C4::Context->dbh;
! my $query="Select * from bibliosubject where subject like '?%' group by
subject";
! my @bind = ($sub);
# FIXME - Make $num and $offset optional.
# If $num was given, make sure $offset was, too.
if ($num != 0){
! $query.=" limit ?,?";
! push(@bind,$offset,$num);
}
my $sth=$dbh->prepare($query);
# print $query;
! $sth->execute(@bind);
my @results;
my $i=0;
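Review bot: The placeholder in `like '?%'` sits inside a quoted SQL string literal, so DBI treats it as literal text rather than a bind marker, and `execute(@bind)` is then called with more values than the statement has placeholders. The whole pattern should be bound instead: `my $query="Select * from bibliosubject where subject like ? group by subject";` with `my @bind = ("$sub%");`. The same construct appears in the deletedbiblio title search hunk (`title like '?%'` with `execute($title)`). Separately, `limit ?,?` relies on the driver binding `$offset` and `$num` as integers rather than quoted strings, so both should be validated as non-negative integers before binding. The sub's body continues outside the hunk.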
***************
*** 113,120 ****
$sub=$dbh->quote($sub);
$oldsub=$dbh->quote($oldsub);
! # FIXME - Just use $dbh->do();
! my $query="update bibliosubject set subject=$sub where subject=$oldsub";
! my $sth=$dbh->prepare($query);
! $sth->execute;
$sth->finish;
}
--- 115,120 ----
$sub=$dbh->quote($sub);
$oldsub=$dbh->quote($oldsub);
! my $sth=$dbh->prepare("update bibliosubject set subject=? where subject=?");
! $sth->execute($sub,$oldsub);
$sth->finish;
}
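Review bot: `$sub` and `$oldsub` are still passed through `$dbh->quote()` on the two context lines before the new `prepare`, and are then bound as placeholder values, so they are escaped twice. The bound strings carry the literal surrounding quotes that quote() adds, so the `where subject=?` comparison is unlikely to match existing rows, and any row that does update would store the quoted form. Dropping the two `quote()` lines is the fix now that the statement is parameterized. The start of the sub is outside the hunk.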
***************
*** 133,145 ****
my ($bib,$bi)address@hidden;
my $dbh = C4::Context->dbh;
! # FIXME - Just use $dbh->do();
! my $query="update biblioitems set biblionumber=$bib where
biblioitemnumber=$bi";
! my $sth=$dbh->prepare($query);
! $sth->execute;
$sth->finish;
! # FIXME - Just use $dbh->do();
! $query="update items set biblionumber=$bib where biblioitemnumber=$bi";
! $sth=$dbh->prepare($query);
! $sth->execute;
$sth->finish;
}
--- 133,142 ----
my ($bib,$bi)address@hidden;
my $dbh = C4::Context->dbh;
! my $sth=$dbh->prepare("update biblioitems set biblionumber=? where
biblioitemnumber=?");
! $sth->execute($bib,$bi);
$sth->finish;
! $query="";
! $sth=$dbh->prepare("update items set biblionumber=? where
biblioitemnumber=?");
! $sth->execute($bib,$bi);
$sth->finish;
}
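Review bot: The added `$query="";` assigns to a variable that no longer has a declaration in the visible part of this sub, since the old `my $query=...` line was removed. If the module runs under `use strict` (not visible here) this will not compile, and otherwise it silently creates a package global. The line serves no purpose and can be deleted. The sub begins outside the hunk, so a declaration further up cannot be ruled out.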
***************
*** 161,167 ****
my ($title)address@hidden;
my $dbh = C4::Context->dbh;
! my $query="Select * from deletedbiblio where title like '$title%' order by
title";
! my $sth=$dbh->prepare($query);
! $sth->execute;
my @results;
my $i=0;
--- 158,163 ----
my ($title)address@hidden;
my $dbh = C4::Context->dbh;
! my $sth=$dbh->prepare("Select * from deletedbiblio where title like '?%'
order by title");
! $sth->execute($title);
my @results;
my $i=0;
***************
*** 187,211 ****
my ($bib)address@hidden;
my $dbh = C4::Context->dbh;
! my $query="select * from deletedbiblio where biblionumber=$bib";
! my $sth=$dbh->prepare($query);
! $sth->execute;
if (my @data=$sth->fetchrow_array){
$sth->finish;
# FIXME - Doesn't this keep the same biblionumber? Isn't this
# forbidden by the definition of 'biblio'? Or doesn't it matter?
! $query="Insert into biblio values (";
! foreach my $temp (@data){
! $temp=~ s/\'/\\\'/g;
! $query .= "'$temp',";
! }
$query=~ s/\,$/\)/;
# print $query;
$sth=$dbh->prepare($query);
! $sth->execute;
$sth->finish;
}
! $query="Delete from deletedbiblio where biblionumber=$bib";
! $sth=$dbh->prepare($query);
! $sth->execute;
$sth->finish;
}
--- 183,202 ----
my ($bib)address@hidden;
my $dbh = C4::Context->dbh;
! my $sth=$dbh->prepare("select * from deletedbiblio where biblionumber=?");
! $sth->execute($bib);
if (my @data=$sth->fetchrow_array){
$sth->finish;
# FIXME - Doesn't this keep the same biblionumber? Isn't this
# forbidden by the definition of 'biblio'? Or doesn't it matter?
! my $query="Insert into biblio values (";
! $query .= ("?," x $#data);
$query=~ s/\,$/\)/;
# print $query;
$sth=$dbh->prepare($query);
! $sth->execute(@data);
$sth->finish;
}
! $sth=$dbh->prepare("Delete from deletedbiblio where biblionumber=?");
! $sth->execute($bib);
$sth->finish;
}
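Review bot: `("?," x $#data)` produces one placeholder fewer than there are values, because `$#data` is the last index rather than the element count, so `execute(@data)` will be rejected for a bind-count mismatch (and a one-column row yields no placeholders and no closing parenthesis). Building the list from the count avoids the trailing-comma fix-up: `my $query="Insert into biblio values (" . join(",", ("?") x @data) . ")";`. The `Delete from deletedbiblio` statement also runs whether or not the insert succeeded. Unless the handle has RaiseError set (not visible here), a failed insert would be followed by deleting the only copy of the record, so the result of the insert's `execute` should be checked before the delete.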
***************
*** 223,229 ****
my ($bi,$type)address@hidden;
my $dbh = C4::Context->dbh;
! # FIXME - Use $dbh->do(...);
! my $sth=$dbh->prepare("Update biblioitems set itemtype='$type' where
biblioitemnumber=$bi");
! $sth->execute;
$sth->finish;
}
--- 214,219 ----
my ($bi,$type)address@hidden;
my $dbh = C4::Context->dbh;
! my $sth=$dbh->prepare("Update biblioitems set itemtype=? where
biblioitemnumber=?");
! $sth->execute($type,$bi);
$sth->finish;
}