[Koha-patches] [PATCH 2/2] Bug 5905 : Follow up fixing sql to use placeholders
Chris Cormack
chrisc at catalyst.net.nz
Sun Mar 20 23:25:31 CET 2011
---
C4/Accounts.pm | 29 +++++++++--------------------
1 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/C4/Accounts.pm b/C4/Accounts.pm
index 8f4b26e..1ab7c21 100644
--- a/C4/Accounts.pm
+++ b/C4/Accounts.pm
@@ -179,31 +179,20 @@ sub makepayment {
$finalamount = $partpaymentamount;
$descriptionpayment="Part Payment for account n°".$accountno.",thanks - ".$user." : ".$data->{'description'};
}
- $dbh->do(
+ $sth = $dbh->prepare(
"UPDATE accountlines
- SET amountoutstanding = $newamountoutstanding
- WHERE id = $accountlineid
- "
- );
+ SET amountoutstanding = ?
+ WHERE id = ?
+ ");
+ $sth->execute($newamountoutstanding,$accountlineid);
- # print $updquery;
- # $dbh->do( "
- # INSERT INTO accountoffsets
- # (borrowernumber, accountno, offsetaccount,
- # offsetamount)
- # VALUES ($borrowernumber, $accountno, $nextaccntno, $newamtos)
- # " );
-
- # create new line
-
-
- $dbh->do( "
+ $sth = $dbh->prepare( "
INSERT INTO accountlines
(borrowernumber, accountno, date, time, amount,
description, accounttype, amountoutstanding, note, meansofpayment, manager_id)
- VALUES ($borrowernumber, $nextaccntno, now(), CURRENT_TIME, $payment,
- '$descriptionpayment', 'Pay', 0, '$note', '$meansofpayment', '$manager_id')
+ VALUES (?,?, now(), CURRENT_TIME, ?, ?, 'Pay', 0, ?, ?, ?)
" );
+ $sth->execute($borrowernumber, $nextaccntno, $payment, $descriptionpayment, $note, $meansofpayment, $manager_id)
# FIXME - The second argument to &UpdateStats is supposed to be the
# branch code.
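Review bot: The added `execute` call for the INSERT has no terminating semicolon, so the statement that follows the FIXME comment (outside this hunk) will be parsed as its continuation and the module will most likely fail to compile. It should read `$sth->execute($borrowernumber, $nextaccntno, $payment, $descriptionpayment, $note, $meansofpayment, $manager_id);`. The results of both `prepare`/`execute` pairs are also unchecked, so unless the handle runs with RaiseError (not visible here) a failed UPDATE or INSERT on accountlines would go unnoticed. Appending `or die $dbh->errstr` to each call, or confirming RaiseError is enabled, would close that gap. `$sth` is assigned without `my`, so it has to be declared earlier in makepayment, which begins outside the hunk.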
@@ -216,7 +205,7 @@ sub makepayment {
returnlost( $borrowernumber, $data->{'itemnumber'} );
}
- my $sth = $dbh->prepare("SELECT max(id) AS lastinsertid FROM accountlines");
+ $sth = $dbh->prepare("SELECT max(id) AS lastinsertid FROM accountlines");
$sth->execute();
my $datalastinsertid = $sth->fetchrow_hashref;
$sth->finish;
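Review bot: Fetching the id of the payment row with `SELECT max(id) AS lastinsertid FROM accountlines` is not tied to the INSERT issued earlier in makepayment. If another session adds an accountlines row between the two statements, this returns that other row's id, and whatever consumes `$datalastinsertid` (outside the hunk) would then reference the wrong account line. DBI's `$dbh->last_insert_id(undef, undef, 'accountlines', 'id')` returns the value generated on this connection and avoids the race. Dropping `my` on this line is only correct if `$sth` is declared earlier in the function, which is not visible here.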
--
1.7.1