[Koha-patches] [PATCH] SQL cleanup in new circ scripts: use placeholders

Galen Charlton galen.charlton at liblime.com
Tue Apr 1 19:01:09 CEST 2008


---
 circ/billing.pl         |   44 +++++++++++++++++++++++++-------------------
 circ/pendingreserves.pl |   35 +++++++++++++++++++----------------
 circ/reserveratios.pl   |   36 ++++++++++++++++++++----------------
 3 files changed, 64 insertions(+), 51 deletions(-)

diff --git a/circ/billing.pl b/circ/billing.pl
index a1586a7..764899c 100755
--- a/circ/billing.pl
+++ b/circ/billing.pl
@@ -87,26 +87,34 @@ if (!defined($max_bill) or $max_bill eq "") {
 my $dbh    = C4::Context->dbh;
 my ($sqlorderby, $sqldatewhere, $presqldatewhere) = ("","","");
 $debug and warn format_date_in_iso($startdate) . "\n" . format_date_in_iso($enddate);
+my @query_params = ();
 # the dates below is to check for compliance of the current date range
-#$sqldatewhere .= " AND date >= " . $dbh->quote(format_date_in_iso($startdate))  if ($startdate) ;
-$sqldatewhere .= " AND date <= " . $dbh->quote(format_date_in_iso($enddate))  if ($enddate) ;
+if ($enddate) {
+    $sqldatewhere .= " AND date <= ?";
+    push @query_params, format_date_in_iso($enddate);
+}
+push @query_params, $max_bill;
 # the date below is to check for compliance of all fees prior
-$presqldatewhere .= " AND date < " . $dbh->quote(format_date_in_iso($startdate))  if ($startdate) ;
+if ($startdate) {
+    $presqldatewhere .= " AND date < ?";
+    push @query_params, format_date_in_iso($startdate);
+}
+push @query_params, $max_bill;
 
 if ($order eq "patron") {
-	$sqlorderby = " order by surname, firstname ";
+	$sqlorderby = " ORDER BY surname, firstname ";
 } elsif ($order eq "fee") {
-    $sqlorderby = " order by l_amountoutstanding DESC ";
+    $sqlorderby = " ORDER BY l_amountoutstanding DESC ";
 } elsif ($order eq "desc") {
-    $sqlorderby = " order by l_description ";
+    $sqlorderby = " ORDER BY l_description ";
 } elsif ($order eq "type") {
-    $sqlorderby = " order by l_accounttype ";
+    $sqlorderby = " ORDER BY l_accounttype ";
 } elsif ($order eq "date") {
-    $sqlorderby = " order by l_date DESC ";
+    $sqlorderby = " ORDER BY l_date DESC ";
 } elsif ($order eq "total") {
-    $sqlorderby = " order by sum_amount DESC ";
+    $sqlorderby = " ORDER BY sum_amount DESC ";
 } else {
-	$sqlorderby = " order by surname, firstname ";
+	$sqlorderby = " ORDER BY surname, firstname ";
 }
 my $strsth =
 	"SELECT 
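Review bot: The pushes onto `@query_params` at the top of this hunk have to mirror the textual order of the `?` markers in `$strsth`, which is only completed in the next hunk, and no comment records that dependency. As written the order lines up (end date, `$max_bill`, start date, `$max_bill`, branch, `$max_bill`). A later edit that adds or moves a condition could shift the following binds, and if the placeholder count still matches nothing would fail visibly. I would add a comment above `my @query_params = ();` such as `# positional binds: push order must match the order of ? in $strsth below`; the same applies to the date pushes in circ/pendingreserves.pl and circ/reserveratios.pl. Whether the part of the SELECT between this hunk and the next contains further placeholders cannot be seen here.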
@@ -135,27 +143,25 @@ my $strsth =
 			IN (SELECT borrowernumber FROM accountlines 
 				where borrowernumber >= 0
 				$sqldatewhere 
-				GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= $max_bill ) 
+				GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= ? ) 
 		AND accountlines.borrowernumber 
 			NOT IN (SELECT borrowernumber FROM accountlines 
 				where borrowernumber >= 0
 				$presqldatewhere 
-				GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= $max_bill ) 
+				GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= ? ) 
 ";
 
 
 if (C4::Context->preference('IndependantBranches')){
 	$strsth .= " AND borrowers.branchcode=? ";
+    push @query_params, C4::Context->userenv->{'branch'};
 }
-$strsth .= " GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= $max_bill " . $sqlorderby;
+$strsth .= " GROUP BY accountlines.borrowernumber HAVING sum(amountoutstanding) >= ? " . $sqlorderby;
+push @query_params, $max_bill;
+
 my $sth = $dbh->prepare($strsth);
+$sth->execute(@query_params);
 
-if (C4::Context->preference('IndependantBranches')){
-	$sth->execute(C4::Context->userenv->{'branch'});
-}
-else {
-	$sth->execute();
-}	
 my @billingdata;
 my $previous;
 my $this;
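Review bot: The return value of `$sth->execute(@query_params)` is not checked, and with a positional bind list a count mismatch becomes a plausible failure. Unless the handle returned by `C4::Context->dbh` has RaiseError enabled, which is not visible in this patch, a failed execute would fall through to the fetch code and the report would probably render as empty rather than fail. Consider `$sth->execute(@query_params) or die $sth->errstr;` here and at the matching calls in circ/pendingreserves.pl and circ/reserveratios.pl. The script body continues past the end of the hunk.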
diff --git a/circ/pendingreserves.pl b/circ/pendingreserves.pl
index b9fa6d9..f8ac860 100755
--- a/circ/pendingreserves.pl
+++ b/circ/pendingreserves.pl
@@ -87,24 +87,30 @@ if (!defined($enddate) or $enddate eq "") {
 my $dbh    = C4::Context->dbh;
 my ($sqlorderby, $sqldatewhere) = ("","");
 $debug and warn format_date_in_iso($startdate) . "\n" . format_date_in_iso($enddate);
-$sqldatewhere .= " AND reservedate >= " . $dbh->quote(format_date_in_iso($startdate))  if ($startdate) ;
-$sqldatewhere .= " AND reservedate <= " . $dbh->quote(format_date_in_iso($enddate))  if ($enddate) ;
-
+my @query_params = ();
+if ($startdate) {
+    $sqldatewhere .= " AND reservedate >= ?";
+    push @query_params, format_date_in_iso($startdate);
+}
+if ($enddate) {
+    $sqldatewhere .= " AND reservedate <= ?";
+    push @query_params, format_date_in_iso($enddate);
+}
 
 if ($order eq "biblio") {
-	$sqlorderby = " order by biblio.title ";
+	$sqlorderby = " ORDER BY biblio.title ";
 } elsif ($order eq "itype") {
-	$sqlorderby = " order by l_itype, location, l_itemcallnumber ";
+	$sqlorderby = " ORDER BY l_itype, location, l_itemcallnumber ";
 } elsif ($order eq "location") {
-	$sqlorderby = " order by location, l_itemcallnumber, holdingbranch ";
+	$sqlorderby = " ORDER BY location, l_itemcallnumber, holdingbranch ";
 } elsif ($order eq "date") {
-    $sqlorderby = " order by l_reservedate, location, l_itemcallnumber ";
+    $sqlorderby = " ORDER BY l_reservedate, location, l_itemcallnumber ";
 } elsif ($order eq "library") {
-    $sqlorderby = " order by holdingbranch, l_itemcallnumber, location ";
+    $sqlorderby = " ORDER BY holdingbranch, l_itemcallnumber, location ";
 } elsif ($order eq "call") {
-    $sqlorderby = " order by l_itemcallnumber, holdingbranch, location ";    
+    $sqlorderby = " ORDER BY l_itemcallnumber, holdingbranch, location ";    
 } else {
-	$sqlorderby = " order by biblio.title ";
+	$sqlorderby = " ORDER BY biblio.title ";
 }
 my $strsth =
 "SELECT min(reservedate) as l_reservedate,
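Review bot: `$sqlorderby` is still interpolated into the SQL after this change, and nothing in the code says why that is safe. It is safe only because every branch of the `if ($order eq ...)` chain assigns a fixed literal and the `else` supplies a default. Placeholders cannot stand in for column names, so this allow-list is the actual control, and replacing it with direct interpolation of `$order` would reintroduce unbound request data into the statement. Suggested comment above the chain: `# ORDER BY cannot be bound; $sqlorderby must only ever be one of the literals below`. The same chain appears in circ/billing.pl and circ/reserveratios.pl.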
@@ -152,16 +158,13 @@ AND notforloan = 0 AND damaged = 0 AND itemlost = 0 AND wthdrawn = 0
 
 if (C4::Context->preference('IndependantBranches')){
 	$strsth .= " AND items.holdingbranch=? ";
+    push @query_params, C4::Context->userenv->{'branch'};
 }
 $strsth .= " GROUP BY reserves.biblionumber " . $sqlorderby;
+
 my $sth = $dbh->prepare($strsth);
+$sth->execute(@query_params);
 
-if (C4::Context->preference('IndependantBranches')){
-	$sth->execute(C4::Context->userenv->{'branch'});
-}
-else {
-	$sth->execute();
-}	
 my @reservedata;
 my $previous;
 my $this;
diff --git a/circ/reserveratios.pl b/circ/reserveratios.pl
index 8523a1e..60f01bb 100755
--- a/circ/reserveratios.pl
+++ b/circ/reserveratios.pl
@@ -87,25 +87,32 @@ if ($ratio == 0) {
 my $dbh    = C4::Context->dbh;
 my ($sqlorderby, $sqldatewhere) = ("","");
 $debug and warn format_date_in_iso($startdate) . "\n" . format_date_in_iso($enddate);
-$sqldatewhere .= " AND reservedate >= " . $dbh->quote(format_date_in_iso($startdate))  if ($startdate) ;
-$sqldatewhere .= " AND reservedate <= " . $dbh->quote(format_date_in_iso($enddate))  if ($enddate) ;
+my @query_params = ();
+if ($startdate) {
+    $sqldatewhere .= " AND reservedate >= ?";
+    push @query_params, format_date_in_iso($startdate);
+}
+if ($enddate) {
+    $sqldatewhere .= " AND reservedate <= ?";
+    push @query_params, format_date_in_iso($enddate);
+}
 
 if ($order eq "biblio") {
-	$sqlorderby = " order by biblio.title, holdingbranch, listcall, l_location ";
+	$sqlorderby = " ORDER BY biblio.title, holdingbranch, listcall, l_location ";
 } elsif ($order eq "callnumber") {
-    $sqlorderby = " order by listcall, holdingbranch, l_location ";
+    $sqlorderby = " ORDER BY listcall, holdingbranch, l_location ";
 } elsif ($order eq "itemcount") {
-    $sqlorderby = " order by itemcount, reservecount ";
+    $sqlorderby = " ORDER BY itemcount, reservecount ";
 } elsif ($order eq "itype") {
-    $sqlorderby = " order by l_itype, holdingbranch, listcall ";
+    $sqlorderby = " ORDER BY l_itype, holdingbranch, listcall ";
 } elsif ($order eq "location") {
-    $sqlorderby = " order by l_location, holdingbranch, listcall ";
+    $sqlorderby = " ORDER BY l_location, holdingbranch, listcall ";
 } elsif ($order eq "reservecount") {
-    $sqlorderby = " order by reservecount DESC ";
+    $sqlorderby = " ORDER BY reservecount DESC ";
 } elsif ($order eq "branch") {
-    $sqlorderby = " order by holdingbranch, l_location, listcall ";
+    $sqlorderby = " ORDER BY holdingbranch, l_location, listcall ";
 } else {
-	$sqlorderby = " order by reservecount DESC ";
+	$sqlorderby = " ORDER BY reservecount DESC ";
 }
 my $strsth =
 "SELECT reservedate,
@@ -140,16 +147,13 @@ notforloan = 0 AND damaged = 0 AND itemlost = 0 AND wthdrawn = 0
 
 if (C4::Context->preference('IndependantBranches')){
 	$strsth .= " AND items.holdingbranch=? ";
+    push @query_params, C4::Context->userenv->{'branch'};
 }
+
 $strsth .= " GROUP BY reserves.biblionumber " . $sqlorderby;
 my $sth = $dbh->prepare($strsth);
+$sth->execute(@query_params);
 
-if (C4::Context->preference('IndependantBranches')){
-	$sth->execute(C4::Context->userenv->{'branch'});
-}
-else {
-	$sth->execute();
-}	
 my @reservedata;
 while ( my $data = $sth->fetchrow_hashref ) {
     my @itemlist;
-- 
1.5.5.rc0.16.g02b00



