[Koha-patches] [PATCH] Bug 9454 Use placeholders when adding basket

Colin Campbell colin.campbell at ptfs-europe.com
Wed Jan 23 12:38:21 CET 2013


Should always use placeholders when passing variables
to DBI; this avoids unforeseen bugs and security issues.
Reformatted the long lists of parameters to add CR.
Moved the setting of defaults out of the call to ModBasket to
clarify the code.
Setting parameters to undef if they were not defined
was unnecessary bloat and obscuration.
---
 C4/Acquisition.pm | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm
index 4a03e2c..26cf796 100644
--- a/C4/Acquisition.pm
+++ b/C4/Acquisition.pm
@@ -190,18 +190,21 @@ The other parameters are optional, see ModBasketHeader for more info on them.
 =cut
 
 sub NewBasket {
-    my ( $booksellerid, $authorisedby, $basketname, $basketnote, $basketbooksellernote, $basketcontractnumber, $deliveryplace, $billingplace ) = @_;
+    my ( $booksellerid, $authorisedby, $basketname, $basketnote,
+        $basketbooksellernote, $basketcontractnumber, $deliveryplace,
+        $billingplace ) = @_;
     my $dbh = C4::Context->dbh;
-    my $query = "
-        INSERT INTO aqbasket
-                (creationdate,booksellerid,authorisedby)
-        VALUES  (now(),'$booksellerid','$authorisedby')
-    ";
-    my $sth =
-    $dbh->do($query);
-#find & return basketno MYSQL dependant, but $dbh->last_insert_id always returns null :-(
-    my $basket = $dbh->{'mysql_insertid'};
-    ModBasketHeader($basket, $basketname || '', $basketnote || '', $basketbooksellernote || '', $basketcontractnumber || undef, $booksellerid, $deliveryplace || undef, $billingplace || undef );
+    my $query =
+        'INSERT INTO aqbasket (creationdate,booksellerid,authorisedby) '
+      . 'VALUES  (now(),?,?)';
+    $dbh->do( $query, {}, $booksellerid, $authorisedby );
+
+    my $basket = $dbh->{mysql_insertid};
+    $basketname           ||= q{}; # default to empty strings
+    $basketnote           ||= q{};
+    $basketbooksellernote ||= q{};
+    ModBasketHeader( $basket, $basketname, $basketnote, $basketbooksellernote,
+        $basketcontractnumber, $booksellerid, $deliveryplace, $billingplace );
     return $basket;
 }
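Review bot: The return value of `$dbh->do(...)` on the new line is discarded, so if the INSERT fails the code still reads `$dbh->{mysql_insertid}` and calls ModBasketHeader with a stale or undefined basket number; unless this handle has RaiseError set (not visible in the hunk), the failure is silent. A one-line guard such as `$dbh->do( $query, {}, $booksellerid, $authorisedby ) or return;` (or `or die $dbh->errstr`) keeps the caller from receiving a basket id that was never inserted. Separately, dropping `|| undef` on `$basketcontractnumber`, `$deliveryplace` and `$billingplace` is a small behaviour change rather than pure cleanup: an empty string or 0 now reaches ModBasketHeader instead of undef/NULL, which may matter if those columns are nullable foreign keys. The removed comment was the only place noting that `mysql_insertid` is MySQL-specific; that dependency remains, so consider keeping a short note like `# mysql_insertid is MySQL-specific; last_insert_id was reported to return undef here` on the new line.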
 
-- 
1.8.1.1.347.g9591fcc


