[Koha-devel] Re: [Koha] Some question: postgres, italian, ...

Alan Millar am12 at bolis.com
Wed Jul 3 12:12:28 CEST 2002


This conversation came up on the main Koha list:

> From: Marco Gaiarin <gaio at sv.lnf.it>

> > Having said that, I'm sure some mysqlisms have crept into the code over
> > the last 2-3 years. So I'm sure a little bit of code cleanup will be
> > needed as well.
> 
> As I supposed, I've found a bunch of these, e.g., in 
> 
> --- ./cgi-bin/admin/currency.pl~	Mon Jul  1 16:59:55 2002
> +++ ./cgi-bin/admin/currency.pl	Mon Jul  1 17:09:37 2002
> @@ -31,7 +31,7 @@
>  	$searchstring=~ s/\'/\\\'/g;
>  	my @data=split(' ',$searchstring);
>  	my $count=@data;
> -	my $query="Select currency,rate from currency where (currency like \"$data[0]%\") order by currency";
> +	my $query="Select currency,rate from currency where (currency like '$data[0]%') order by currency";
>  	my $sth=$dbh->prepare($query);
>  	$sth->execute;
>  	my @results;
> 
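Review bot: the new `+` line still interpolates `$data[0]` directly into the SQL text, so with `'` now the string delimiter the query depends entirely on the `s/\'/\\\'/g` substitution at the top of the hunk. That substitution is a backslash escape rather than the doubled quote that standard SQL uses, so a search term containing an apostrophe can end the literal early on a database that does not honour backslash escapes. Suggest replacing the literal with a placeholder, `where (currency like ?)`, and passing `$data[0] . '%'` to `$sth->execute`, which also makes the substitution unnecessary.
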
> Postgres uses " for strict escape (inside "", % is a normal character),
> and ' for normal character enclosing (so inside '' % is a wildcard
> matching char as supposed).
> Clearly all files have to be changed, and it needs to be verified that there's no
> ' character in strings, really common in Italian.

In my opinion, this is another very good reason to use the DBI bound
parameters and stop using $dbh->quote.

This should really be done as:

  my $query="Select currency,rate from currency 
      where (currency like ?) 
      order by currency";
  my $sth=$dbh->prepare($query);
  $sth->execute($data[0] . '%');

or similar.  Then we don't have to worry about Italian using apostrophes, etc.

- Alan

----
Alan Millar     --==> am12 at bolis.com <==--
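
The bound-parameter approach from this message, as an added example that is not part of the original post or of Koha's code: it runs the interpolated query from the patch and a placeholder query against an in-memory SQLite database. It goes one step beyond the message by also escaping % and _ in the search term, because a placeholder fixes the quoting but still leaves those characters acting as LIKE wildcards. Assumptions: DBI and DBD::SQLite are installed; the table rows and the helper names search_interpolated and search_bound are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Koha code. Assumes DBI and DBD::SQLite are installed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample rows, including an apostrophe and a literal percent sign.
$dbh->do('create table currency (currency varchar(40), rate real)');
my $ins = $dbh->prepare('insert into currency (currency, rate) values (?, ?)');
$ins->execute(@$_)
    for ["Lira d'oro", 1.5], ['Lira', 1.0], ['100% test', 2.0], ['1000 units', 3.0];

# Interpolated form, as in the patched currency.pl line: the search term
# becomes part of the SQL text, so its quoting must match the database.
sub search_interpolated {
    my ($term) = @_;
    my $query = "select currency,rate from currency "
              . "where (currency like '$term%') order by currency";
    my $rows = eval { $dbh->selectall_arrayref($query) };
    return defined $rows ? $rows : "query failed: $@";
}

# Bound form: the term never enters the SQL text. LIKE metacharacters in
# the term are escaped so only the trailing % added here is a wildcard.
sub search_bound {
    my ($term) = @_;
    (my $pattern = $term) =~ s/([\\%_])/\\$1/g;
    my $query = q{select currency,rate from currency
                  where (currency like ? escape '\')
                  order by currency};
    return $dbh->selectall_arrayref($query, undef, $pattern . '%');
}

# Constructed search terms: one with an apostrophe, one with a percent sign.
for my $term ("Lira d'", '100%') {
    my $old = search_interpolated($term);
    my $new = search_bound($term);
    printf "%-8s interpolated: %s\n", $term,
        ref $old ? join(', ', map { $_->[0] } @$old) : $old;
    printf "%-8s bound:        %s\n", $term, join(', ', map { $_->[0] } @$new);
}
```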



