$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="select bookfundid,bookfundname,bookfundgroup from aqbookfund where (bookfundname like \"%$data[0]%\") order by bookfundid";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where (bookfundname like ?) order by bookfundid");
+ $sth->execute("%$data[0]%");
my @results;
- my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
push(@results,$data);
- $cnt ++;
}
# $sth->execute;
$sth->finish;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
}
my $input = new CGI;
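Review bot: The manual escaping `$searchstring=~ s/\'/\\\'/g;` is left in place although `$data[0]` is now passed as a bind value, so the backslash added before each quote becomes part of the data sent to the database instead of SQL syntax. With placeholders the line can simply be removed. The same context line precedes the other converted `StringSearch` queries in this commit, including the `tagfield >= ?` comparison, where the extra backslash would alter the compared value. Separately, `%` and `_` typed by the user still act as LIKE wildcards; if a literal prefix match is intended they need escaping before the trailing `%` is appended. The enclosing sub starts outside this hunk.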
my $header;
if ($bookfundid) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid='$bookfundid'");
- $sth->execute;
+ my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid=?");
+ $sth->execute($bookfundid);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'add_validate') {
my $dbh = C4::Context->dbh;
my $bookfundid=uc($input->param('bookfundid'));
- my $query = "delete from aqbookfund where bookfundid ='$bookfundid'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from aqbookfund where bookfundid =?");
+ $sth->execute($bookfundid);
$sth->finish;
- $query = "replace aqbookfund (bookfundid,bookfundname) values (";
- $query.= $dbh->quote($input->param('bookfundid')).",";
- $query.= $dbh->quote($input->param('bookfundname')).")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("replace aqbookfund (bookfundid,bookfundname) values (?,?)");
+ $sth->execute($input->param('bookfundid'),$input->param('bookfundname'));
$sth->finish;
# END $OP eq ADD_VALIDATE
################## DELETE_CONFIRM ##################################
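Review bot: In the new `$sth->execute($input->param('bookfundid'),$input->param('bookfundname'));` both `param` calls are evaluated in list context, so a parameter missing from the request contributes no bind value and a repeated one contributes several. The bind list then no longer lines up with the two placeholders, and either the call fails or a value lands in the wrong column. Forcing scalar context avoids this: `$sth->execute(scalar $input->param('bookfundid'), scalar $input->param('bookfundname'));`. The same applies to the `map { $input->param($_) }` calls added for the two `replace categories` statements, which would become `map { scalar $input->param($_) }`, and to the three-argument `replace printers` execute. This branch also now declares `my $sth` twice in one scope, which warns under `use warnings`; the second can be a plain assignment.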
# $sth->execute;
# my $total = $sth->fetchrow_hashref;
# $sth->finish;
- my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid='$bookfundid'");
- $sth->execute;
+ my $sth=$dbh->prepare("select bookfundid,bookfundname,bookfundgroup from aqbookfund where bookfundid=?");
+ $sth->execute($bookfundid);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(bookfundid => $bookfundid);
} elsif ($op eq 'delete_confirmed') {
my $dbh = C4::Context->dbh;
my $bookfundid=uc($input->param('bookfundid'));
- my $query = "delete from aqbookfund where bookfundid='$bookfundid'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
- $dbh->do("delete from aqbudget where bookfundid='$bookfundid'");
+ my $sth=$dbh->prepare("delete from aqbookfund where bookfundid=?");
+ $sth->execute($bookfundid);
+ $sth->finish;
+ $sth=$dbh->prepare("delete from aqbudget where bookfundid=?");
+ $sth->execute($bookfundid);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################
my ($branchcode) = @_;
my $dbh = C4::Context->dbh;
- my ($query, @query_args);
+ my $sth;
if ($branchcode) {
- $query = "Select * from branches where branchcode = ?";
- @query_args = ($branchcode);
+ $sth = $dbh->prepare("Select * from branches where branchcode = ? order by branchcode");
+ $sth->execute($branchcode);
} else {
- $query = "Select * from branches";
+ $sth = $dbh->prepare("Select * from branches order by branchcode");
+ $sth->execute();
}
- $query.=" order by branchcode";
- my $sth = $dbh->prepare($query);
- $sth->execute(@query_args);
my @results;
while (my $data = $sth->fetchrow_hashref) {
- $query = "select categorycode from branchrelations where branchcode = ?";
- my $nsth = $dbh->prepare($query);
+ my $nsth = $dbh->prepare("select categorycode from branchrelations where branchcode = ?");
$nsth->execute($data->{'branchcode'});;
my @cats = ();
while (my ($cat) = $nsth->fetchrow_array) {
# returns a reference to an array of hashes containing branches,
my ($catcode) = @_;
my $dbh = C4::Context->dbh;
- my ($query, @query_args);
+ my $sth;
# print DEBUG "getcategoryinfo: entry: catcode=".cvs($catcode)."\n";
if ($catcode) {
- $query = "select * from branchcategories where categorycode = ?";
- @query_args = ($catcode);
+ $sth = $dbh->prepare("select * from branchcategories where categorycode = ?");
+ $sth->execute($catcode);
} else {
- $query = "Select * from branchcategories";
+ $sth = $dbh->prepare("Select * from branchcategories");
+ $sth->execute();
}
- # print DEBUG "getcategoryinfo: query=".cvs($query)."\n";
- my $sth = $dbh->prepare($query);
- $sth->execute(@query_args);
my @results;
while (my $data = $sth->fetchrow_hashref) {
push(@results, $data);
# sets the data from the editbranch form, and writes to the database...
my ($data) = @_;
my $dbh = C4::Context->dbh;
- my $query = "replace branches (branchcode,branchname,branchaddress1,branchaddress2,branchaddress3,branchphone,branchfax,branchemail) values (?,?,?,?,?,?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("replace branches (branchcode,branchname,branchaddress1,branchaddress2,branchaddress3,branchphone,branchfax,branchemail) values (?,?,?,?,?,?,?,?)");
$sth->execute(uc($data->{'branchcode'}), $data->{'branchname'},
$data->{'branchaddress1'}, $data->{'branchaddress2'},
$data->{'branchaddress3'}, $data->{'branchphone'},
push(@addcats, $ccat);
}
}
- # FIXME - There's already a $dbh in this scope.
- my $dbh = C4::Context->dbh;
foreach my $cat (@addcats) {
- my $query = "insert into branchrelations (branchcode, categorycode) values(?, ?)";
- my $sth = $dbh->prepare($query);
+ my $sth = $dbh->prepare("insert into branchrelations (branchcode, categorycode) values(?, ?)");
$sth->execute($branchcode, $cat);
$sth->finish;
}
foreach my $cat (@removecats) {
- my $query = "delete from branchrelations where branchcode=? and categorycode=?";
- my $sth = $dbh->prepare($query);
+ my $sth = $dbh->prepare("delete from branchrelations where branchcode=? and categorycode=?");
$sth->execute($branchcode, $cat);
$sth->finish;
}
sub deletebranch {
# delete branch...
my ($branchcode) = @_;
- my $query = "delete from branches where branchcode = ?";
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("delete from branches where branchcode = ?");
$sth->execute($branchcode);
$sth->finish;
}
# sets the data from the editbranch form, and writes to the database...
my ($data) = @_;
my $dbh = C4::Context->dbh;
- my $query = "replace branchcategories (categorycode,categoryname,codedescription) values (?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("replace branchcategories (categorycode,categoryname,codedescription) values (?,?,?)");
$sth->execute(uc($data->{'categorycode'}), $data->{'categoryname'},$data->{'codedescription'});
$sth->finish;
sub deletecategory {
# delete branch...
my ($categorycode) = @_;
- my $query = "delete from branchcategories where categorycode = ?";
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("delete from branchcategories where categorycode = ?");
$sth->execute($categorycode);
$sth->finish;
}
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select * from categories where (description like \"$data[0]%\")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select * from categories where (description like ?)");
+ $sth->execute("$data[0]%");
my @results;
- my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
push(@results,$data);
- $cnt ++;
}
# $sth->execute;
$sth->finish;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
}
my $input = new CGI;
my $script_name="/cgi-bin/koha/admin/categorie.pl";
my $categorycode=$input->param('categorycode');
my $op = $input->param('op');
-$searchfield=~ s/\,//g;
my ($template, $loggedinuser, $cookie)
= get_template_and_user({template_name => "parameters/categorie.tmpl",
my $data;
if ($categorycode) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'");
- $sth->execute;
+ my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?");
+ $sth->execute($categorycode);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'add_validate') {
$template->param(add_validate => 1);
my $dbh = C4::Context->dbh;
- my $query = "replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (";
- $query.= $dbh->quote($input->param('categorycode')).",";
- $query.= $dbh->quote($input->param('description')).",";
- $query.= $dbh->quote($input->param('enrolmentperiod')).",";
- $query.= $dbh->quote($input->param('upperagelimit')).",";
- $query.= $dbh->quote($input->param('dateofbirthrequired')).",";
- $query.= $dbh->quote($input->param('enrolmentfee')).",";
- $query.= $dbh->quote($input->param('issuelimit')).",";
- $query.= $dbh->quote($input->param('reservefee')).",";
- $query.= $dbh->quote($input->param('overduenoticerequired')).")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (?,?,?,?,?,?,?,?,?)");
+ $sth->execute(map { $input->param($_) } ('categorycode','description','enrolmentperiod','upperagelimit','dateofbirthrequired','enrolmentfee','issuelimit','reservefee','overduenoticerequired'));
$sth->finish;
# END $OP eq ADD_VALIDATE
################## DELETE_CONFIRM ##################################
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode='$categorycode'");
- $sth->execute;
+ my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode=?");
+ $sth->execute($categorycode);
my $total = $sth->fetchrow_hashref;
$sth->finish;
$template->param(total => $total->{'total'});
- my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'");
- $sth2->execute;
+ my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?");
+ $sth2->execute($categorycode);
my $data=$sth2->fetchrow_hashref;
$sth2->finish;
if ($total->{'total'} >0) {
$template->param(delete_confirmed => 1);
my $dbh = C4::Context->dbh;
my $categorycode=uc($input->param('categorycode'));
- my $query = "delete from categories where categorycode='$categorycode'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from categories where categorycode=?");
+ $sth->execute($categorycode);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
} else { # DEFAULT
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select * from categories where (description like \"$data[0]%\")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select * from categories where (description like ?)");
+ $sth->execute("$data[0]%");
my @results;
- my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
push(@results,$data);
- $cnt ++;
}
# $sth->execute;
$sth->finish;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
}
my $input = new CGI;
my $data;
if ($categorycode) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'");
- $sth->execute;
+ my $sth=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?");
+ $sth->execute($categorycode);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'add_validate') {
$template->param(add_validate => 1);
my $dbh = C4::Context->dbh;
- my $query = "replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (";
- $query.= $dbh->quote($input->param('categorycode')).",";
- $query.= $dbh->quote($input->param('description')).",";
- $query.= $dbh->quote($input->param('enrolmentperiod')).",";
- $query.= $dbh->quote($input->param('upperagelimit')).",";
- $query.= $dbh->quote($input->param('dateofbirthrequired')).",";
- $query.= $dbh->quote($input->param('finetype')).",";
- $query.= $dbh->quote($input->param('bulk')).",";
- $query.= $dbh->quote($input->param('enrolmentfee')).",";
- $query.= $dbh->quote($input->param('issuelimit')).",";
- $query.= $dbh->quote($input->param('reservefee')).",";
- $query.= $dbh->quote($input->param('overduenoticerequired')).")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("replace categories (categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired) values (?,?,?,?,?,?,?,?,?,?,?)");
+ $sth->execute(map {$input->param($_)} ('categorycode','description','enrolmentperiod','upperagelimit','dateofbirthrequired','finetype','bulk','enrolmentfee','issuelimit','reservefee','overduenoticerequired'));
$sth->finish;
print "data recorded";
print "<form action='$script_name' method=post>";
} elsif ($op eq 'delete_confirm') {
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode='$categorycode'");
- $sth->execute;
+ my $sth=$dbh->prepare("select count(*) as total from categoryitem where categorycode=?");
+ $sth->execute($categorycode);
my $total = $sth->fetchrow_hashref;
print "TOTAL : $categorycode : $total->{'total'}<br>";
$sth->finish;
- my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode='$categorycode'");
- $sth2->execute;
+ my $sth2=$dbh->prepare("select categorycode,description,enrolmentperiod,upperagelimit,dateofbirthrequired,finetype,bulk,enrolmentfee,issuelimit,reservefee,overduenoticerequired from categories where categorycode=?");
+ $sth2->execute($categorycode);
my $data=$sth2->fetchrow_hashref;
$sth2->finish;
$template->param(delete_confirmed => 1);
my $dbh = C4::Context->dbh;
my $categorycode=uc($input->param('categorycode'));
- my $query = "delete from categories where categorycode='$categorycode'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from categories where categorycode=?");
+ $sth->execute($categorycode);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
} else { # DEFAULT
overduenoticerequired => $results->[$i]{'overduenoticerequired'},
issuelimit => $results->[$i]{'issuelimit'},
reservefee => $results->[$i]{'reservefee'},
- toggle = $toggle );
+ toggle => $toggle );
push @loop, \%row;
if ( $toggle eq 'white' )
{
my $type=$input->param('type');
my $dbh = C4::Context->dbh;
-my $query="Select description,categorycode from categories";
-my $sth=$dbh->prepare($query);
+my $sth=$dbh->prepare("Select description,categorycode from categories");
$sth->execute;
my @trow3;
my @title_loop;
$i++;
}
$sth->finish;
-$query="Select description,itemtype from itemtypes";
-$sth=$dbh->prepare($query);
+$sth=$dbh->prepare("Select description,itemtype from itemtypes");
$sth->execute;
$i=0;
my $toggle="white";
$toggle = 'white';
}
for ($i=0;$i<9;$i++){
- $query="select * from categoryitem where categorycode=? and itemtype=?";
- my $sth2=$dbh->prepare($query);
+ my $sth2=$dbh->prepare("select * from categoryitem where categorycode=? and itemtype=?");
$sth2->execute($trow3[$i],$data->{'itemtype'});
my $dat=$sth2->fetchrow_hashref;
$sth2->finish;
my $input = new CGI;
my $searchfield=$input->param('searchfield');
-my $pkfield="currency";
-my $reqsel="select currency,rate from currency where $pkfield='$searchfield'";
-my $reqdel="delete from currency where $pkfield='$searchfield'";
#my $branchcode=$input->param('branchcode');
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/currency.pl";
my $data;
if ($searchfield) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select currency,rate from currency where currency='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select currency,rate from currency where currency=?");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'delete_confirm') {
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select count(*) as total from aqbooksellers where currency='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select count(*) as total from aqbooksellers where currency=?");
+ $sth->execute($searchfield);
my $total = $sth->fetchrow_hashref;
$sth->finish;
- my $sth2=$dbh->prepare($reqsel);
- $sth2->execute;
+ my $sth2=$dbh->prepare("select currency,rate from currency where currency=?");
+ $sth2->execute($searchfield);
my $data=$sth2->fetchrow_hashref;
$sth2->finish;
} elsif ($op eq 'delete_confirmed') {
$template->param(delete_confirmed => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from currency where currency=?");
+ $sth->execute($searchfield);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select * from itemtypes where (description like \"$data[0]%\") order by itemtype";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select * from itemtypes where (description like ?) order by itemtype");
+ $sth->execute("$data[0]%");
my @results;
- my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
push(@results,$data);
- $cnt ++;
}
# $sth->execute;
$sth->finish;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
}
my $input = new CGI;
my $data;
if ($itemtype) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select itemtype,description,loanlength,renewalsallowed,rentalcharge from itemtypes where itemtype='$itemtype'");
- $sth->execute;
+ my $sth=$dbh->prepare("select itemtype,description,loanlength,renewalsallowed,rentalcharge from itemtypes where itemtype=?");
+ $sth->execute($itemtype);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
#start the page and read in includes
my $dbh = C4::Context->dbh;
my $itemtype=uc($input->param('itemtype'));
- my $query = "delete from itemtypes where itemtype='$itemtype'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from itemtypes where itemtype=?");
+ $sth->execute($itemtype);
$sth->finish;
print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=itemtypes.pl\"></html>";
exit;
my ($defaulttagfield, $defaulttagsubfield,$defaultliblibrarian) = $sth->fetchrow;
for (my $i=0;$i<=9;$i++) {
- my $sth2=$dbh->prepare("select tagfield,tagsubfield,liblibrarian as lib,tab from marc_subfield_structure where tagfield like '$i%'");
- $sth2->execute;
+ my $sth2=$dbh->prepare("select tagfield,tagsubfield,liblibrarian as lib,tab from marc_subfield_structure where tagfield like ?");
+ $sth2->execute("$i%");
my @marcarray;
push @marcarray," ";
while (my ($field, $tagsubfield, $liblibrarian) = $sth2->fetchrow_array) {
$fields{$kohafield}->{tagsubfield} = $tagsubfield;
$fields{$kohafield}->{liblibrarian} = $liblibrarian;
}
- my $sth2=$dbh->prepare("SHOW COLUMNS from $tablename");
- $sth2->execute;
+ #XXX: This might not work. Maybe should use a DBI call instead of SHOW COLUMNS
+ my $sth2=$dbh->prepare("SHOW COLUMNS from ?");
+ $sth2->execute($tablename);
my $toggle="white";
my @loop_data = ();
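Review bot: `prepare("SHOW COLUMNS from ?")` cannot work as a parameterised query, because placeholders bind values and not identifiers; the driver will most likely send the table name as a quoted string literal and the statement will fail, as the added XXX comment suspects. Where `$tablename` comes from is not visible in this hunk. If it can be influenced by a request, check it against a fixed list of known table names and quote it as an identifier: `my $sth2=$dbh->prepare("SHOW COLUMNS from ".$dbh->quote_identifier($tablename));` followed by `$sth2->execute;`. DBI's `column_info` would be the portable alternative to `SHOW COLUMNS`.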
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where (tagfield like \"$searchstring%\") order by tagfield";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where (tagfield like ?) order by tagfield");
+ $sth->execute("$searchstring%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
my $tagfield=$input->param('tagfield');
my $tagsubfield=$input->param('tagsubfield');
my $pkfield="tagfield";
-my $reqsel="select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield='$tagfield' and tagsubfield='$tagsubfield'";
-my $reqdel="delete from marc_subfield_structure where tagfield='$tagfield' and tagsubfield='$tagsubfield'";
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/marc_subfields_structure.pl";
closedir DIR;
# build values list
- my $sth=$dbh->prepare("select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield='$tagfield'"); # and tagsubfield='$tagsubfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield=?"); # and tagsubfield='$tagsubfield'");
+ $sth->execute($tagfield);
my @loop_data = ();
my $toggle="white";
my $i=0;
-size=>1,
-multiple=>0,
);
- $row_data{tagsubfield} =$data->{'tagsubfield'}."<input type=\"hidden\" name=\"tagsubfield\" value=\"".$data->{'tagsubfield'}."\" />";
+ $row_data{tagsubfield} =$data->{'tagsubfield'}."<input type='hidden' name='tagsubfield' value='".$data->{'tagsubfield'}."'>";
$row_data{liblibrarian} = CGI::escapeHTML($data->{'liblibrarian'});
$row_data{libopac} = CGI::escapeHTML($data->{'libopac'});
$row_data{kohafield}= CGI::scrolling_list( -name=>"kohafield",
-size=>1,
-multiple=>0,
);
- $row_data{tagsubfield} = "<input type=\"text\" name=\"tagsubfield\" value=\"".$data->{'tagsubfield'}."\" size=\"3\" maxlength=\"1\" />";
+ $row_data{tagsubfield} = "<input type=\"text\" name=\"tagsubfield\" value=\"".$data->{'tagsubfield'}."\" size=\"3\" maxlength=\"1\">";
$row_data{liblibrarian} = "";
$row_data{libopac} = "";
$row_data{repeatable} = CGI::checkbox('repeatable','',1,'');
push(@loop_data, \%row_data);
}
$template->param(action => "Edit subfields",
- tagfield => "<input type=\"hidden\" name=\"tagfield\" value=\"$tagfield\" />$tagfield",
+ tagfield => "<input type=\"hidden\" name=\"tagfield\" value=\"$tagfield\">$tagfield",
loop => \@loop_data,
more_subfields => $more_subfields,
more_tag => $tagfield);
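Review bot: The rewritten `tagfield => "<input ... value=\"$tagfield\">$tagfield"` still interpolates `$tagfield` unescaped into both an attribute value and element text, and an earlier hunk of what appears to be the same script reads it straight from `$input->param('tagfield')`. The script already calls `CGI::escapeHTML` for `liblibrarian` and `libopac`; the same call belongs here: `tagfield => "<input type=\"hidden\" name=\"tagfield\" value=\"".CGI::escapeHTML($tagfield)."\">".CGI::escapeHTML($tagfield),`. The two `$row_data{tagsubfield}` assignments touched by this commit have the same gap with `$data->{'tagsubfield'}`. So do the `edit` link and the meta-refresh URL that embed `$tagfield`, where URL-encoding is needed as well.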
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select tagfield,tagsubfield,liblibrarian,libopac,repeatable,mandatory,kohafield,tab,authorised_value,thesaurus_category,value_builder from marc_subfield_structure where tagfield=? and tagsubfield=?");
+ $sth->execute($tagfield,$tagsubfield);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(liblibrarian => $data->{'liblibrarian'},
} elsif ($op eq 'delete_confirmed') {
my $dbh = C4::Context->dbh;
unless (C4::Context->config('demo') eq 1) {
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from marc_subfield_structure where tagfield=? and tagsubfield=?");
+ $sth->execute($tagfield,$tagsubfield);
$sth->finish;
}
print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=marc_subfields_structure.pl?tagfield=$tagfield\"></html>";
push(@loop_data, \%row_data);
}
$template->param(loop => \@loop_data);
- $template->param(edit => "<a href='$script_name?op=add_form&tagfield=$tagfield'>");
+ $template->param(edit => "<a href=\"$script_name?op=add_form&tagfield=$tagfield\">");
if ($offset>0) {
my $prevpage = $offset-$pagesize;
$template->param(prev =>"<a href=\"$script_name?offset=$prevpage\">");
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where (tagfield >= $data[0]) order by tagfield";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where (tagfield >= ?) order by tagfield");
+ $sth->execute($data[0]);
my @results;
- my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
push(@results,$data);
- $cnt ++;
}
# $sth->execute;
$sth->finish;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
}
my $input = new CGI;
my $searchfield=$input->param('searchfield');
$searchfield=0 unless $searchfield;
-my $pkfield="tagfield";
-my $reqsel="select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where $pkfield='$searchfield'";
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/marctagstructure.pl";
#---- if primkey exists, it's a modify action, so read values to modify...
my $data;
if ($searchfield) {
- my $sth=$dbh->prepare("select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where $pkfield='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where tagfield=?");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select tagfield,liblibrarian,libopac,repeatable,mandatory,authorised_value from marc_tag_structure where tagfield=?");
+ $sth->execute($searchfield);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(liblibrarian => $data->{'liblibrarian'},
} elsif ($op eq 'delete_confirmed') {
my $dbh = C4::Context->dbh;
unless (C4::Context->config('demo') eq 1) {
- $dbh->do("delete from marc_tag_structure where $pkfield='$searchfield'");
+ $dbh->do("delete from marc_tag_structure where tagfield='$searchfield'");
$dbh->do("delete from marc_subfield_structure where tagfield='$searchfield'");
}
# END $OP eq DELETE_CONFIRMED
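Review bot: The new `$dbh->do("delete from marc_tag_structure where tagfield='$searchfield'")` removes `$pkfield` but still interpolates `$searchfield` into the SQL text, and so does the unchanged `marc_subfield_structure` delete on the next line. `$searchfield` is read from `$input->param('searchfield')` in an earlier hunk, so these two deletes remain injectable while every other query in the file was converted. `do` accepts bind values directly: `$dbh->do("delete from marc_tag_structure where tagfield=?", undef, $searchfield);` and `$dbh->do("delete from marc_subfield_structure where tagfield=?", undef, $searchfield);`.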
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select printername,printqueue,printtype from printers where (printername like \"$data[0]%\") order by printername";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $query="";
+ my $sth=$dbh->prepare("Select printername,printqueue,printtype from printers where (printername like ?) order by printername");
+ $sth->execute("$data[0]%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
my $input = new CGI;
my $searchfield=$input->param('searchfield');
-my $pkfield="printername";
-my $reqsel="select printername,printqueue,printtype from printers where $pkfield='$searchfield'";
-my $reqdel="delete from printers where $pkfield='$searchfield'";
+my $pkfield="";
+my $reqsel="";
+my $reqdel="";
#my $branchcode=$input->param('branchcode');
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/printers.pl";
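Review bot: `my $pkfield="";`, `my $reqsel="";` and `my $reqdel="";` are left behind as empty strings instead of being deleted, as was done for the same variables in the currency and stopwords scripts. The later hunks replace every visible use of `$reqsel` and `$reqdel`, so these look like dead declarations. If one use was missed, it would now silently prepare an empty statement. Removing the three lines lets `use strict` flag any remaining reference. The same goes for the `my $query="";` added in the `StringSearch` hunks for printers and stopwords.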
my $data;
if ($searchfield) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=?");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'add_validate') {
$template->param(add_validate => 1);
my $dbh = C4::Context->dbh;
- my $query = "replace printers (printername,printqueue,printtype) values (";
- $query.= $dbh->quote($input->param('printername')).",";
- $query.= $dbh->quote($input->param('printqueue')).",";
- $query.= $dbh->quote($input->param('printtype')).")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("replace printers (printername,printqueue,printtype) values (?,?,?)");
+ $sth->execute($input->param('printername'),$input->param('printqueue'),$input->param('printtype'));
$sth->finish;
# END $OP eq ADD_VALIDATE
################## DELETE_CONFIRM ##################################
} elsif ($op eq 'delete_confirm') {
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=");
+ $sth->execute($searchfield);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(printqueue => $data->{'printqueue'},
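Review bot: The new statement `"select printername,printqueue,printtype from printers where printername="` is missing its placeholder, so the SQL ends at the `=` and the following `$sth->execute($searchfield)` has nothing to bind to. The delete-confirm page for printers will fail at prepare or execute time. The line should read `my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=?");`. Neither call's return value is checked here, so depending on the handle's `RaiseError` setting the failure may only surface as an empty `$data`.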
$template->param(delete_confirmed => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from printers where printername=?");
+ $sth->execute($searchfield);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select word from stopwords where (word like \"$data[0]%\") order by word";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $query="";
+ my $sth=$dbh->prepare("Select word from stopwords where (word like ?) order by word");
+ $sth->execute("$data[0]%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
my $input = new CGI;
my $searchfield=$input->param('searchfield');
-my $pkfield="word";
-my $reqsel="select word from stopwords where $pkfield='$searchfield'";
-my $reqdel="delete from stopwords where $pkfield='$searchfield'";
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/stopwords.pl";
my $data;
if ($searchfield) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select word from stopwords where word='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select word from stopwords where word=?");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'delete_confirm') {
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select word from stopwords where word=?");
+ $sth->execute($searchfield);
my $data=$sth->fetchrow_hashref;
$sth->finish;
# END $OP eq DELETE_CONFIRM
} elsif ($op eq 'delete_confirmed') {
$template->param(delete_confirmed => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from stopwords where word=?");
+ $sth->execute($searchfield);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name like \"$data[0]\%\") order by rank,name";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name like ?) order by rank,name");
+ $sth->execute("$data[0]\%");
my @results;
- my $cnt=0;
while (my $data=$sth->fetchrow_hashref) {
push(@results,$data);
- $cnt ++;
}
# $sth->execute;
$sth->finish;
$dbh->disconnect;
- return ($cnt,\@results);
+ return (scalar(@results),\@results);
}
my $input = new CGI;
my $searchfield=$input->param('searchfield');
-my $reqsel="select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = '$searchfield') order by rank,name";
-my $reqdel="delete from z3950servers where name='$searchfield'";
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/z3950servers.pl";
my $data;
if ($searchfield) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = '$searchfield') order by rank,name");
- $sth->execute;
+ my $sth=$dbh->prepare("select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = ?) order by rank,name");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth2=$dbh->prepare($reqsel);
- $sth2->execute;
+ my $sth2=$dbh->prepare("select host,port,db,userid,password,name,id,checked,rank,syntax from z3950servers where (name = ?) order by rank,name");
+ $sth2->execute($searchfield);
my $data=$sth2->fetchrow_hashref;
$sth2->finish;
} elsif ($op eq 'delete_confirmed') {
$template->param(delete_confirmed => 1);
my $dbh=C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from z3950servers where name=?");
+ $sth->execute($searchfield);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################