[Koha-cvs] koha/members insertdata.pl [rel_2_2]

Henri-Damien LAURENT laurenthdl at alinto.com
Tue Mar 20 17:41:10 CET 2007 

CVSROOT:	/sources/koha
Module name:	koha
Branch:		rel_2_2
Changes by:	Henri-Damien LAURENT <hdl>	07/03/20 16:41:10

Modified files:
	members        : insertdata.pl 

Log message:
	changing insertdata to use $dbh->quote

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/koha/members/insertdata.pl?cvsroot=koha&only_with_tag=rel_2_2&r1=1.2&r2=1.2.2.1

Patches:
Index: insertdata.pl
===================================================================
RCS file: /sources/koha/koha/members/Attic/insertdata.pl,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -b -r1.2 -r1.2.2.1
--- insertdata.pl	24 Mar 2004 21:23:12 -0000	1.2
+++ insertdata.pl	20 Mar 2007 16:41:10 -0000	1.2.2.1
@@ -41,8 +41,8 @@
 my $env;
 foreach my $key (@names){
   $data{$key}=$input->param($key);
-  $data{$key}=~ s/\'/\\\'/g;
-  $data{$key}=~ s/\"/\\\"/g;
+#  $data{$key}=~ s/\'/\\\'/g;
+#  $data{$key}=~ s/\"/\\\"/g;
 }
 my $dbh = C4::Context->dbh;
 my $query="Select * from borrowers where borrowernumber=?";
@@ -52,18 +52,18 @@
   $data{'dateofbirth'}=format_date_in_iso($data{'dateofbirth'});
   $data{'joining'}=format_date_in_iso($data{'joining'});
   $data{'expiry'}=format_date_in_iso($data{'expiry'});
-  $query="update borrowers set title='$data{'title'}',expiry='$data{'expiry'}',
-  cardnumber='$data{'cardnumber'}',sex='$data{'sex'}',ethnotes='$data{'ethnicnotes'}',
-  streetaddress='$data{'address'}',faxnumber='$data{'faxnumber'}',firstname='$data{'firstname'}',
-  altnotes='$data{'altnotes'}',dateofbirth='$data{'dateofbirth'}',contactname='$data{'contactname'}',
-  emailaddress='$data{'emailaddress'}',dateenrolled='$data{'joining'}',streetcity='$data{'streetcity'}',
-  altrelationship='$data{'altrelationship'}',othernames='$data{'othernames'}',phoneday='$data{'phoneday'}',
-  categorycode='$data{'categorycode'}',city='$data{'city'}',area='$data{'area'}',phone='$data{'phone'}',
-  borrowernotes='$data{'borrowernotes'}',altphone='$data{'altphone'}',surname='$data{'surname'}',
-  initials='$data{'initials'}',physstreet='$data{'streetaddress'}',ethnicity='$data{'ethnicity'}',
-  gonenoaddress='$data{'gna'}',lost='$data{'lost'}',debarred='$data{'debarred'}',
-  textmessaging='$data{'textmessaging'}', branchcode = '$data{'branchcode'}',
-  zipcode = '$data{'zipcode'}',homezipcode='$data{'homezipcode'}'
+  $query="update borrowers set title=".$dbh->quote(data{'title'}).",expiry=".$dbh->quote(data{'expiry'}).",
+  cardnumber=".$dbh->quote(data{'cardnumber'}).",sex=".$dbh->quote(data{'sex'}).",ethnotes=".$dbh->quote(data{'ethnicnotes'}).",
+  streetaddress=".$dbh->quote(data{'address'}).",faxnumber=".$dbh->quote(data{'faxnumber'}).",firstname=".$dbh->quote(data{'firstname'}).",
+  altnotes=".$dbh->quote(data{'altnotes'}).",dateofbirth=".$dbh->quote(data{'dateofbirth'}).",contactname=".$dbh->quote(data{'contactname'}).",
+  emailaddress=".$dbh->quote(data{'emailaddress'}).",dateenrolled=".$dbh->quote(data{'joining'}).",streetcity=".$dbh->quote(data{'streetcity'}).",
+  altrelationship=".$dbh->quote(data{'altrelationship'}).",othernames=".$dbh->quote(data{'othernames'}).",phoneday=".$dbh->quote(data{'phoneday'}).",
+  categorycode=".$dbh->quote(data{'categorycode'}).",city=".$dbh->quote(data{'city'}).",area=".$dbh->quote(data{'area'}).",phone=".$dbh->quote(data{'phone'}).",
+  borrowernotes=".$dbh->quote(data{'borrowernotes'}).",altphone=".$dbh->quote(data{'altphone'}).",surname=".$dbh->quote(data{'surname'}).",
+  initials=".$dbh->quote(data{'initials'}).",physstreet=".$dbh->quote(data{'streetaddress'}).",ethnicity=".$dbh->quote(data{'ethnicity'}).",
+  gonenoaddress=".$dbh->quote(data{'gna'}).",lost=".$dbh->quote(data{'lost'}).",debarred=".$dbh->quote(data{'debarred'}).",
+  textmessaging=".$dbh->quote(data{'textmessaging'}).", branchcode = ".$dbh->quote(data{'branchcode'}).",
+  zipcode = ".$dbh->quote(data{'zipcode'}).",homezipcode=".$dbh->quote(data{'homezipcode'})."
   where borrowernumber=$data{'borrowernumber'}";
 
 }else{
@@ -74,13 +74,13 @@
   $query="insert into borrowers (title,expiry,cardnumber,sex,ethnotes,streetaddress,faxnumber,
   firstname,altnotes,dateofbirth,contactname,emailaddress,textmessaging,dateenrolled,streetcity,
   altrelationship,othernames,phoneday,categorycode,city,area,phone,borrowernotes,altphone,surname,
-  initials,ethnicity,physstreet,branchcode,zipcode,homezipcode) values ('$data{'title'}','$data{'expiry'}','$data{'cardnumber'}',
-  '$data{'sex'}','$data{'ethnotes'}','$data{'address'}','$data{'faxnumber'}',
-  '$data{'firstname'}','$data{'altnotes'}','$data{'dateofbirth'}','$data{'contactname'}','$data{'emailaddress'}','$data{'textmessaging'}',
-  '$data{'joining'}','$data{'streetcity'}','$data{'altrelationship'}','$data{'othernames'}',
-  '$data{'phoneday'}','$data{'categorycode'}','$data{'city'}','$data{'area'}','$data{'phone'}',
-  '$data{'borrowernotes'}','$data{'altphone'}','$data{'surname'}','$data{'initials'}',
-  '$data{'ethnicity'}','$data{'streetaddress'}','$data{'branchcode'}','$data{'zipcode'}','$data{'homezipcode'}')";
+  initials,ethnicity,physstreet,branchcode,zipcode,homezipcode) values (".$dbh->quote(data{'title'}).",".$dbh->quote(data{'expiry'}).",".$dbh->quote(data{'cardnumber'}).",
+  ".$dbh->quote(data{'sex'}).",".$dbh->quote(data{'ethnotes'}).",".$dbh->quote(data{'address'}).",".$dbh->quote(data{'faxnumber'}).",
+  ".$dbh->quote(data{'firstname'}).",".$dbh->quote(data{'altnotes'}).",".$dbh->quote(data{'dateofbirth'}).",".$dbh->quote(data{'contactname'}).",".$dbh->quote(data{'emailaddress'}).",".$dbh->quote(data{'textmessaging'}).",
+  ".$dbh->quote(data{'joining'}).",".$dbh->quote(data{'streetcity'}).",".$dbh->quote(data{'altrelationship'}).",".$dbh->quote(data{'othernames'}).",
+  ".$dbh->quote(data{'phoneday'}).",".$dbh->quote(data{'categorycode'}).",".$dbh->quote(data{'city'}).",".$dbh->quote(data{'area'}).",".$dbh->quote(data{'phone'}).",
+  ".$dbh->quote(data{'borrowernotes'}).",".$dbh->quote(data{'altphone'}).",".$dbh->quote(data{'surname'}).",".$dbh->quote(data{'initials'}).",
+  ".$dbh->quote(data{'ethnicity'}).",".$dbh->quote(data{'streetaddress'}).",".$dbh->quote(data{'branchcode'}).",".$dbh->quote(data{'zipcode'}).",".$dbh->quote(data{'homezipcode'}).")";
 }
 # ok if its an adult (type) it may have borrowers that depend on it as a guarantor
 # so when we update information for an adult we should check for guarantees and update the relevant part

More information about the Koha-cvs mailing list