[Koha-devel] RC19

[Andrew Arensburger]

On Fri, Oct 25, 2002 at 06:08:47AM -0400, Ville Huhtala wrote:
> DBD::mysql::st execute failed: You have an error in your SQL syntax near '' at line 1 at /var/www/html/koha/intranet/modules/C4/Search.pm line 1075, <KC> line 44.

> DBD::mysql::st execute failed: You have an error in your SQL syntax near 'and
>   datecancellationprinted is NULL and quantity > quantityreceived' at line 1 at /var/www/html/koha/intranet/modules/C4/Search.pm line 2188, <KC> line 55.

	I'm not certain, but I'm pretty sure that both of these are
caused by insufficient error-checking, e.g.

	select * from biblio where biblionumber=$biblionumber

where $biblionumber is undefined.
	I think I've also run into a few cases similar to

	if ($title ne "")
	{
		$query = "select * from biblio where title like '$title';
	}
	# else if other cases...

	$query .= " and author='$author'";

In this case, if $title isn't specified for whatever reason, the SQL
query begins with " and author", which causes an error.
	The only real fix, I'm afraid, is better error-checking
throughout. In particular, at the beginning of every script, make sure
that all required fields were set.

-- 
Andrew Arensburger                      This message *does* represent the
arensb at ooblick.com                      views of ooblick.com
       Jesus loves me, this I know / For the Voices tell me so.