[Koha-cvs] CVS: koha/C4 SearchMarc.pm,1.11,1.12

Paul POULAIN tipaul at users.sourceforge.net
Wed Apr 14 21:45:50 CEST 2004


Update of /cvsroot/koha/koha/C4
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18305/C4

Modified Files:
	SearchMarc.pm 
Log Message:
bugfix => correctly escaping values in SQL

Index: SearchMarc.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/SearchMarc.pm,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -r1.11 -r1.12
*** SearchMarc.pm	15 Mar 2004 14:34:18 -0000	1.11
--- SearchMarc.pm	14 Apr 2004 19:45:48 -0000	1.12
***************
*** 142,146 ****
  
  	# Finds the basic results without the NOT requests
! 	my ($sql_tables, $sql_where1, $sql_where2) = create_request(\@normal_tags, \@normal_and_or, \@normal_operator, \@normal_value);
  
  	my $sth;
--- 142,146 ----
  
  	# Finds the basic results without the NOT requests
! 	my ($sql_tables, $sql_where1, $sql_where2) = create_request($dbh,\@normal_tags, \@normal_and_or, \@normal_operator, \@normal_value);
  
  	my $sth;
***************
*** 160,164 ****
  	if( ($sth->rows) && $any_not )	# some results to tune up and some NOT statements
  	{
! 		($not_sql_tables, $not_sql_where1, $not_sql_where2) = create_request(\@not_tags, \@not_and_or, \@not_operator, \@not_value);
  
  		my @tmpresult;
--- 160,164 ----
  	if( ($sth->rows) && $any_not )	# some results to tune up and some NOT statements
  	{
! 		($not_sql_tables, $not_sql_where1, $not_sql_where2) = create_request($dbh,\@not_tags, \@not_and_or, \@not_operator, \@not_value);
  
  		my @tmpresult;
***************
*** 222,226 ****
  
  sub create_request {
! 	my ($tags, $and_or, $operator, $value) = @_;
  
  	my $sql_tables; # will contain marc_subfield_table as m1,...
--- 222,226 ----
  
  sub create_request {
! 	my ($dbh,$tags, $and_or, $operator, $value) = @_;
  
  	my $sql_tables; # will contain marc_subfield_table as m1,...
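Review bot: Passing `$dbh` into `create_request` on the changed `my (...) = @_;` line only so it can call `quote()` keeps the WHERE clause string-built. Emitting `?` placeholders and returning the values as a bind list for `execute` would mean safety no longer depends on every interpolation site being quoted by hand. The new leading argument also shifts the other positions, so any caller not updated in this commit (none is visible here beyond the two at 142 and 160) would pass an array ref where the handle is expected. A comment above the unpacking such as `# $dbh: DBI handle used for quote(); then array refs of tags, and/or, operators, values` would make the new contract visible. The body of `create_request` continues outside this hunk.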
***************
*** 236,240 ****
  				if (@$operator[$i] eq "start") {
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "(m1.subfieldvalue like '@$value[$i]%'";
  					if (@$tags[$i]) {
  						$sql_where1 .=" and m1.tag+m1.subfieldcode in (@$tags[$i])";
--- 236,240 ----
  				if (@$operator[$i] eq "start") {
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "(m1.subfieldvalue like ".$dbh->quote("@$value[$i]%");
  					if (@$tags[$i]) {
  						$sql_where1 .=" and m1.tag+m1.subfieldcode in (@$tags[$i])";
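Review bot: The context line `in (@$tags[$i])` directly after the changed line still interpolates the tag list into the statement unescaped, so only the value half of the predicate is protected; the same construct follows the changed line in the hunks at 243, 250, 260, 270, 277 and 287. Where `@$tags` comes from is not visible in this diff; if any part of it is request-derived, each element should be checked against the expected tag/subfield shape with an anchored pattern before it is placed in the `in (...)` list. Separately, `quote()` does not neutralise the LIKE metacharacters `%` and `_`, so a value containing them still widens the match in the `like` branches. The enclosing loop and `if` start and end outside the hunk.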
***************
*** 243,247 ****
  				} elsif (@$operator[$i] eq "contains") {
  					$sql_tables .= "marc_word as m$nb_table,";
! 					$sql_where1 .= "(m1.word  like '@$value[$i]%'";
  					if (@$tags[$i]) {
  						 $sql_where1 .=" and m1.tag+m1.subfieldid in (@$tags[$i])";
--- 243,247 ----
  				} elsif (@$operator[$i] eq "contains") {
  					$sql_tables .= "marc_word as m$nb_table,";
! 					$sql_where1 .= "(m1.word  like ".$dbh->quote("@$value[$i]%");
  					if (@$tags[$i]) {
  						 $sql_where1 .=" and m1.tag+m1.subfieldid in (@$tags[$i])";
***************
*** 250,254 ****
  				} else {
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "(m1.subfieldvalue @$operator[$i] '@$value[$i]' ";
  					if (@$tags[$i]) {
  						 $sql_where1 .=" and m1.tag+m1.subfieldcode in (@$tags[$i])";
--- 250,254 ----
  				} else {
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "(m1.subfieldvalue @$operator[$i] ".$dbh->quote("@$value[$i]");
  					if (@$tags[$i]) {
  						 $sql_where1 .=" and m1.tag+m1.subfieldcode in (@$tags[$i])";
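Review bot: `@$operator[$i]` is still spliced into the SQL as the comparison operator on the changed line, and `quote()` cannot help there because an operator is not a literal. Checking it against a fixed allow-list before use would close that gap, e.g. `my %sql_op = map { $_ => 1 } qw(= <> < > <= >=);` followed by `die "unsupported operator" unless $sql_op{ $operator->[$i] };`. The hunk at 287 has the same construct. Whether the caller already restricts the operator is not visible from this diff.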
***************
*** 260,264 ****
  					$nb_table++;
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "@$and_or[$i] (m$nb_table.subfieldvalue like '@$value[$i]%'";
  					if (@$tags[$i]) {
  					 	$sql_where1 .=" and m$nb_table.tag+m$nb_table.subfieldcode in (@$tags[$i])";
--- 260,264 ----
  					$nb_table++;
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "@$and_or[$i] (m$nb_table.subfieldvalue like ".$dbh->quote("@$value[$i]%");
  					if (@$tags[$i]) {
  					 	$sql_where1 .=" and m$nb_table.tag+m$nb_table.subfieldcode in (@$tags[$i])";
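Review bot: The connective `@$and_or[$i]` at the start of the changed string is concatenated into the WHERE clause as raw SQL, here and in the hunks at 270, 277 and 287. If only the two boolean keywords are expected, it can be normalised before interpolation, e.g. `my $conj = lc($and_or->[$i]) eq 'or' ? 'or' : 'and';` and then using `$conj` in the string. Whether upstream code already constrains this value is not visible in this diff, and the surrounding branch continues outside the hunk.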
***************
*** 270,274 ****
  						$nb_table++;
  						$sql_tables .= "marc_word as m$nb_table,";
! 						$sql_where1 .= "@$and_or[$i] (m$nb_table.word like '@$value[$i]%'";
  						if (@$tags[$i]) {
  							$sql_where1 .=" and m$nb_table.tag+m$nb_table.subfieldid in(@$tags[$i])";
--- 270,274 ----
  						$nb_table++;
  						$sql_tables .= "marc_word as m$nb_table,";
! 						$sql_where1 .= "@$and_or[$i] (m$nb_table.word like ".$dbh->quote("@$value[$i]%");
  						if (@$tags[$i]) {
  							$sql_where1 .=" and m$nb_table.tag+m$nb_table.subfieldid in(@$tags[$i])";
***************
*** 277,281 ****
  						$sql_where2 .= "m1.bibid=m$nb_table.bibid and ";
  					} else {
! 						$sql_where1 .= "@$and_or[$i] (m$nb_table.word like '@$value[$i]%'";
  						if (@$tags[$i]) {
  							$sql_where1 .="  and m$nb_table.tag+m$nb_table.subfieldid in (@$tags[$i])";
--- 277,281 ----
  						$sql_where2 .= "m1.bibid=m$nb_table.bibid and ";
  					} else {
! 						$sql_where1 .= "@$and_or[$i] (m$nb_table.word like ".$dbh->quote("@$value[$i]%");
  						if (@$tags[$i]) {
  							$sql_where1 .="  and m$nb_table.tag+m$nb_table.subfieldid in (@$tags[$i])";
***************
*** 287,291 ****
  					$nb_table++;
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "@$and_or[$i] (m$nb_table.subfieldvalue @$operator[$i] '@$value[$i]'";
  					if (@$tags[$i]) {
  					 	$sql_where1 .="  and m$nb_table.tag+m$nb_table.subfieldcode in (@$tags[$i])";
--- 287,291 ----
  					$nb_table++;
  					$sql_tables .= "marc_subfield_table as m$nb_table,";
! 					$sql_where1 .= "@$and_or[$i] (m$nb_table.subfieldvalue @$operator[$i] ".$dbh->quote(@$value[$i]);
  					if (@$tags[$i]) {
  					 	$sql_where1 .="  and m$nb_table.tag+m$nb_table.subfieldcode in (@$tags[$i])";
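Review bot: This is the only changed line that passes `@$value[$i]` to `quote()` bare rather than inside a double-quoted string as the sibling branch at 250 does (`$dbh->quote("@$value[$i]")`). With DBI, `quote(undef)` returns the unquoted word `NULL`, so an undefined value would yield `subfieldvalue <op> NULL` here but an empty string literal in the other branch. Making the two agree, for instance `$dbh->quote(defined $value->[$i] ? $value->[$i] : '')`, removes that divergence; `$value->[$i]` is also clearer than the one-element slice `@$value[$i]`. The enclosing branch runs past the end of the hunk.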




