Bug 6452: Use placeholders in sql
authorFrère Sébastien Marie <semarie-koha@latrappe.fr>
Sun, 27 Feb 2011 14:36:12 +0000 (15:36 +0100)
committerChris Cormack <chrisc@catalyst.net.nz>
Fri, 3 Jun 2011 18:56:36 +0000 (06:56 +1200)
Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
C4/Acquisition.pm

index e431bd2..45c1948 100644 (file)
@@ -1352,8 +1352,9 @@ sub GetParcels {
                 sum(quantity) AS itemsexpected,
                 sum(quantityreceived) AS itemsreceived
         FROM   aqorders LEFT JOIN aqbasket ON aqbasket.basketno = aqorders.basketno
-        WHERE aqbasket.booksellerid = $bookseller and datereceived IS NOT NULL
+        WHERE aqbasket.booksellerid = ? and datereceived IS NOT NULL
     ";
+    push @query_params, $bookseller;
 
     if ( defined $code ) {
         $strsth .= ' and aqorders.booksellerinvoicenumber like ? ';
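Review bot: The new `push @query_params, $bookseller;` after the `$strsth` string assumes `@query_params` is already declared (and empty) at that point, but the declaration is not in the hunk; confirm it is `my @query_params;` earlier in GetParcels, since under `use strict` an undeclared array would fail and a pre-populated one would shift every bind position. DBI binds positionally, so the push order must mirror the order in which each `?` is appended to `$strsth` — the `$code` branch that appends `like ?` must push `$code` right after this line, and the same holds for any later conditions in the sub. A short comment above the push would make that invariant visible: `# bind values must be pushed in the same order their ? placeholders appear in $strsth`. Note that the placeholder removes the quoting problem but does not neutralize `%` or `_` inside the `$code` value used with `like`; whether that matters depends on where `$code` comes from, which is outside this hunk. GetParcels begins before and continues past the visible lines.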