[Koha-patches] [PATCH 2/3] Bug 5905 : Follow up fixing sql to use placeholders
Julian Maurice
julian.maurice at biblibre.com
Wed Mar 30 11:13:37 CEST 2011
From: Chris Cormack <chrisc at catalyst.net.nz>
---
C4/Accounts.pm | 29 ++++++++++++++---------------
1 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/C4/Accounts.pm b/C4/Accounts.pm
index 584c3f7..cd29dd8 100644
--- a/C4/Accounts.pm
+++ b/C4/Accounts.pm
@@ -182,22 +182,21 @@ sub makepayment {
$descriptionpayment="Part Payment for account n°".$accountno.",thanks - ".$user." : ".$data->{'description'};
}
- $dbh->do(
+ $sth = $dbh->prepare(
"UPDATE accountlines
- SET amountoutstanding = $newamountoutstanding
- WHERE id = $accountlineid
- "
- );
-
- # create new line
- $dbh->do( "
- INSERT INTO accountlines
- (borrowernumber, accountno, date, time, amount,
- description, accounttype, amountoutstanding,
- note, meansofpayment, manager_id)
- VALUES ($borrowernumber, $nextaccntno, now(), CURRENT_TIME, $payment,
- '$descriptionpayment', 'Pay', 0, '$note', '$meansofpayment', '$manager_id')
+ SET amountoutstanding = ?
+ WHERE id = ?
+ ");
+ $sth->execute($newamountoutstanding,$accountlineid);
+
+ $sth = $dbh->prepare( "
+ INSERT INTO accountlines
+ (borrowernumber, accountno, date, time, amount,
+ description, accounttype, amountoutstanding, note,
+ meansofpayment, manager_id)
+ VALUES (?,?, now(), CURRENT_TIME, ?, ?, 'Pay', 0, ?, ?, ?)
" );
+ $sth->execute($borrowernumber, $nextaccntno, $payment, $descriptionpayment, $note, $meansofpayment, $manager_id);
# FIXME - The second argument to &UpdateStats is supposed to be the
# branch code.
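Review bot: The return values of both `$sth->execute(...)` calls are discarded, so unless the database handle was created with RaiseError (not visible in this hunk) a failed UPDATE still lets the INSERT record a payment line, leaving `amountoutstanding` unchanged. The two statements change the same account and should succeed or fail together. Consider `$sth->execute($newamountoutstanding,$accountlineid) or die $sth->errstr;` on each call and, if the table's storage engine supports transactions, wrapping the pair in `$dbh->begin_work` and `$dbh->commit`. The removed `# create new line` comment is also worth keeping above the INSERT. makepayment begins and ends outside this hunk.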
@@ -211,7 +210,7 @@ sub makepayment {
returnlost( $borrowernumber, $data->{'itemnumber'} );
}
- my $sth = $dbh->prepare("SELECT max(id) AS lastinsertid FROM accountlines");
+ $sth = $dbh->prepare("SELECT max(id) AS lastinsertid FROM accountlines");
$sth->execute();
my $datalastinsertid = $sth->fetchrow_hashref;
$sth->finish;
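Review bot: `SELECT max(id) AS lastinsertid FROM accountlines` is not tied to the row this call inserted, so a payment recorded by another session between the INSERT and this SELECT makes it return another borrower's accountline id. The id should come from the same connection that did the insert, for example `my $lastinsertid = $dbh->last_insert_id(undef, undef, 'accountlines', 'id');` placed right after the INSERT's `execute`. How `$datalastinsertid` is used afterwards is outside this hunk, so the impact depends on what the caller does with it.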
--
1.7.4.1