[Koha-patches] [PATCH] Bug 5086 Pass claimed date correctly
Michael Hafen
mdhafen at tech.washk12.org
Wed Aug 4 16:08:17 CEST 2010
I would think that the $dbh->quote() function should be used here.
Especially if $date can come from the browser. A place holder and
passing $date through $rq->execute() would accomplish the same thing.
On Wed, 2010-08-04 at 12:55 +0100, Colin Campbell wrote:
> Claim date is being interpolated into sql string but
> without the necessary quotes resulting in a date of
> 0 being set.
> interpolation into sql strings should be avoided
> ---
> C4/Serials.pm | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/C4/Serials.pm b/C4/Serials.pm
> index 032246c..8779433 100644
> --- a/C4/Serials.pm
> +++ b/C4/Serials.pm
> @@ -287,7 +287,7 @@ sub UpdateClaimdateIssues {
> my $dbh = C4::Context->dbh;
> $date = strftime( "%Y-%m-%d", localtime ) unless ($date);
> my $query = "
> - UPDATE serial SET claimdate=$date,status=7
> + UPDATE serial SET claimdate=\'$date\',status=7
> WHERE serialid in (" . join( ",", @$serialids ) . ")";
> my $rq = $dbh->prepare($query);
> $rq->execute;
--
Michael Hafen
Systems Analyst and Programmer
Washington County School District
Utah, USA
for Koha checkout
http://development.washk12.org/gitweb/
or
git://development.washk12.org/koha
More information about the Koha-patches
mailing list