my $sth=$dbh->prepare("update biblioitems set biblionumber=? where biblioitemnumber=?");
$sth->execute($bib,$bi);
$sth->finish;
- $query="";
$sth=$dbh->prepare("update items set biblionumber=? where biblioitemnumber=?");
$sth->execute($bib,$bi);
$sth->finish;
use C4::Format;
use C4::Accounts;
use C4::Stats;
-use C4::InterfaceCDK;
-use C4::Interface::ReserveentCDK;
+#use C4::InterfaceCDK;
+#use C4::Interface::ReserveentCDK;
use C4::Circulation::Main;
use C4::Circulation::Borrower;
use C4::Search;
my @items = GetItems($env,$biblionumber);
my $cnt_it = @items;
my $dbh = C4::Context->dbh;
- my $query = "Select * from biblio where biblionumber = $biblionumber";
- my $sth = $dbh->prepare($query);
- $sth->execute;
+ my $query = "";
+ my $sth = $dbh->prepare("Select * from biblio where biblionumber = ?");
+ $sth->execute($biblionumber);
my $data=$sth->fetchrow_hashref;
$sth->finish;
my @branches;
- my $query = "select * from branches where issuing=1 order by branchname";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("select * from branches where issuing=1 order by branchname");
$sth->execute;
while (my $branchrec=$sth->fetchrow_hashref) {
my $branchdet =
#check for issues;
my $dbh = C4::Context->dbh;
my $const = lc substr($constraint,0,1);
- my $query = "select * from borrowers,categories
- where (borrowernumber = '$borrnum')
- and (borrowers.categorycode = categories.categorycode)";
- my $sth = $dbh->prepare($query);
- $sth->execute;
+ my $sth = $dbh->prepare("select * from borrowers,categories
+ where (borrowernumber = ?)
+ and (borrowers.categorycode = categories.categorycode)");
+ $sth->execute($borrnum);
my $data = $sth->fetchrow_hashref;
$sth->finish();
my $fee = $data->{'reservefee'};
# check for items on issue
# first find biblioitem records
my @biblioitems;
- my $query1 = "select * from biblio,biblioitems
- where (biblio.biblionumber = '$biblionumber')
- and (biblio.biblionumber = biblioitems.biblionumber)";
- my $sth1 = $dbh->prepare($query1);
- $sth1->execute();
+ my $sth1 = $dbh->prepare("select * from biblio,biblioitems
+ where (biblio.biblionumber = ?)
+ and (biblio.biblionumber = biblioitems.biblionumber)");
+ $sth1->execute($biblionumber);
while (my $data1=$sth1->fetchrow_hashref) {
if ($const eq "a") {
push @biblioitems,$data1;
my $allissued = 1;
while ($x < $cntitemsfound) {
my $bitdata = @biblioitems[$x];
- my $query2 = "select * from items
- where biblioitemnumber = '$bitdata->{'biblioitemnumber'}'";
- my $sth2 = $dbh->prepare($query2);
- $sth2->execute;
+ my $sth2 = $dbh->prepare("select * from items
+ where biblioitemnumber = ?");
+ $sth2->execute($bitdata->{'biblioitemnumber'});
while (my $itdata=$sth2->fetchrow_hashref) {
- my $query3 = "select * from issues
- where itemnumber = '$itdata->{'itemnumber'}' and returndate is null";
- my $sth3 = $dbh->prepare($query3);
- $sth3->execute();
+ my $sth3 = $dbh->prepare("select * from issues
+ where itemnumber = ? and returndate is null");
+ $sth3->execute($itdata->{'itemnumber'});
if (my $isdata=$sth3->fetchrow_hashref) { } else {$allissued = 0; }
}
$x++;
}
if ($allissued == 0) {
- my $rquery = "select * from reserves
- where biblionumber = '$biblionumber'";
- my $rsth = $dbh->prepare($rquery);
- $rsth->execute();
+ my $rsth = $dbh->prepare("select * from reserves
+ where biblionumber = ?");
+ $rsth->execute($biblionumber);
if (my $rdata = $rsth->fetchrow_hashref) { } else {
$fee = 0;
}
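Review bot: `$sth2` and `$sth3` are still prepared inside the `while` loops, once per biblioitem and once per item, so the move to placeholders does not yet give the prepare-once benefit, and neither handle is finished. Both statements could be prepared before `while ($x < $cntitemsfound)`, leaving only `$sth2->execute(...)` and `$sth3->execute(...)` in the loops, with `$sth2->finish; $sth3->finish;` after the outer loop. The `reserveconstraints` insert further down has the same shape, with `my $sth = $dbh->prepare(...)` inside `while ($i < $numitems)`. The enclosing sub starts and ends outside this hunk.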
# updates take place here
if ($fee > 0) {
my $nextacctno = &getnextacctno($env,$borrnum,$dbh);
- my $updquery = "insert into accountlines
+ my $usth = $dbh->prepare("insert into accountlines
(borrowernumber,accountno,date,amount,description,accounttype,amountoutstanding)
- values ($borrnum,$nextacctno,now(),$fee,'Reserve Charge','Res',$fee)";
- my $usth = $dbh->prepare($updquery);
- $usth->execute;
+ values (?,?,now(),?,'Reserve Charge','Res',?)");
+ $usth->execute($borrnum,$nextacctno,$fee,$fee);
$usth->finish;
}
- my $query="insert into reserves (borrowernumber,biblionumber,reservedate,branchcode,constrainttype) values ('$borrnum','$biblionumber','$resdate','$branch','$const')";
- my $sth = $dbh->prepare($query);
- $sth->execute();
+ my $sth = $dbh->prepare("insert into reserves (borrowernumber,biblionumber,reservedate,branchcode,constrainttype) values (?,?,?,?,?)");
+ $sth->execute($borrnum,$biblionumber,$resdate,$branch,$const);
if (($const eq "o") || ($const eq "e")) {
my $numitems = @$bibitems;
my $i = 0;
while ($i < $numitems) {
my $biblioitem = @$bibitems[$i];
- my $query = "insert into reserveconstraints
+ my $sth = $dbh->prepare("insert into reserveconstraints
(borrowernumber,biblionumber,reservedate,biblioitemnumber)
- values ('$borrnum','$biblionumber','$resdate','$biblioitem')";
- my $sth = $dbh->prepare($query);
- $sth->execute();
+ values (?,?,?,?)");
+ $sth->execute($borrnum,$biblionumber,$resdate,$biblioitem);
$i++;
}
}
foreach my $subfield (sort( keys %{$tagslib->{$tag}})) {
next if subfield_is_koha_internal_p($subfield);
next if ($tagslib->{$tag}->{$subfield}->{tab} ne $tabloop);
- next if (defined($record->field($tag)->subfield($subfield)));
+ next if ($tag > 10 && defined($record->field($tag)->subfield($subfield)));
+ next if ($tag < 10 && defined($record->field($tag)->data()));
push(@subfields_data, &create_input($tag,$subfield,'',$i,$tabloop,$record,$authorised_values_sth));
$i++;
}
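Review bot: A tag equal to 10 matches neither of the two new guards, because the first tests `$tag > 10` and the second `$tag < 10`. Field 010 is a data field with subfields, so the first guard should read `next if ($tag >= 10 && defined($record->field($tag)->subfield($subfield)));`. Both guards also call a method on `$record->field($tag)` directly; if `field()` can return undef for a tag that is absent from the record, that call dies. The old line had the same exposure, so it is worth confirming against the caller. The `foreach` sits inside a sub that starts outside this hunk.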
$template->param($count);
if ($count == 1){
- my $query="Select itemtype,description from itemtypes order by description";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("Select itemtype,description from itemtypes order by description");
$sth->execute;
my @itemtype;
my %itemtypes;
push @loop_currency, \%line;
}
-my $query="Select itemtype,description from itemtypes order by description";
-my $sth=$dbh->prepare($query);
+my $sth=$dbh->prepare("Select itemtype,description from itemtypes order by description");
$sth->execute;
my @itemtype;
my %itemtypes;
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where (bookfundid like \"$data[0]%\") order by bookfundid,aqbudgetid";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where (bookfundid like ?) order by bookfundid,aqbudgetid");
+ $sth->execute("$data[0]%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
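Review bot: The context line `$searchstring=~ s/\'/\\\'/g;` is left over from the interpolated query and is no longer needed now that `$data[0]` is bound; it only adds a backslash to the bound value. Separately, `%` and `_` typed by the user are still interpreted as LIKE wildcards, which placeholders do not prevent. I would drop the quote substitution and escape the pattern characters before binding, e.g. `(my $prefix = $data[0]) =~ s/([\\%_])/\\$1/g;` followed by `$sth->execute("$prefix%");`. The same leftover escaping and unescaped wildcards appear in the `authorised_values` and `systempreferences` search hunks. The enclosing sub begins and ends outside this hunk.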
my $dataaqbookfund;
if ($aqbudgetid) {
my $dbh = C4::Context->dbh;
- my $query="select aqbudgetid,bookfundname,aqbookfund.bookfundid,startdate,enddate,budgetamount from aqbudget,aqbookfund where aqbudgetid='$aqbudgetid' and aqbudget.bookfundid=aqbookfund.bookfundid";
-# print $query;
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("select aqbudgetid,bookfundname,aqbookfund.bookfundid,startdate,enddate,budgetamount from aqbudget,aqbookfund where aqbudgetid=? and aqbudget.bookfundid=aqbookfund.bookfundid");
+ $sth->execute($aqbudgetid);
$dataaqbudget=$sth->fetchrow_hashref;
$sth->finish;
}
# called by add_form, used to insert/modify data in DB
} elsif ($op eq 'add_validate') {
my $dbh = C4::Context->dbh;
- my $query = "replace aqbudget (aqbudgetid,bookfundid,startdate,enddate,budgetamount) values (?,?,?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("replace aqbudget (aqbudgetid,bookfundid,startdate,enddate,budgetamount) values (?,?,?,?,?)");
$sth->execute($input->param('aqbudgetid'),$input->param('bookfundid'),
format_date_in_iso($input->param('startdate')),
format_date_in_iso($input->param('enddate')),
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where aqbudgetid='$aqbudgetid'");
- $sth->execute;
+ my $sth=$dbh->prepare("select aqbudgetid,bookfundid,startdate,enddate,budgetamount from aqbudget where aqbudgetid=?");
+ $sth->execute($aqbudgetid);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(bookfundid => $bookfundid);
} elsif ($op eq 'delete_confirmed') {
my $dbh = C4::Context->dbh;
my $aqbudgetid=uc($input->param('aqbudgetid'));
- my $query = "delete from aqbudget where aqbudgetid='$aqbudgetid'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from aqbudget where aqbudgetid=?");
+ $sth->execute($aqbudgetid);
$sth->finish;
print $input->redirect("aqbookfund.pl");
return;
# $fines=$fines+0;
my $dataaqbookfund;
my $dbh = C4::Context->dbh;
- my $query="select bookfundid,bookfundname from aqbookfund where bookfundid=?";
-# print $query;
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("select bookfundid,bookfundname from aqbookfund where bookfundid=?");
$sth->execute($results->[$i]{'bookfundid'});
$dataaqbookfund=$sth->fetchrow_hashref;
$sth->finish;
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select id,category,authorised_value,lib from authorised_values where (category like \"$data[0]%\") order by category,authorised_value";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select id,category,authorised_value,lib from authorised_values where (category like ?) order by category,authorised_value");
+ $sth->execute("$data[0]%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
my $searchfield=$input->param('searchfield');
$searchfield=~ s/\,//g;
my $id = $input->param('id');
-my $reqsel="select category,authorised_value,lib from authorised_values where id='$id'";
-my $reqdel="delete from authorised_values where id='$id'";
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/authorised_values.pl";
my $dbh = C4::Context->dbh;
my $data;
if ($id) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select id,category,authorised_value,lib from authorised_values where id='$id'");
- $sth->execute;
+ my $sth=$dbh->prepare("select id,category,authorised_value,lib from authorised_values where id=?");
+ $sth->execute($id);
$data=$sth->fetchrow_hashref;
$sth->finish;
} else {
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select category,authorised_value,lib from authorised_values where id=?");
+ $sth->execute($id);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(searchfield => $searchfield,
# called by delete_confirm, used to effectively confirm deletion of data in DB
} elsif ($op eq 'delete_confirmed') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from authorised_values where id=?");
+ $sth->execute($id);
$sth->finish;
print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=$searchfield\"></html>";
exit;
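Review bot: The hand-written refresh page on the `print "Content-Type: ..."` line still places `$searchfield` into the HTML without any encoding, so the SQL fix in this hunk leaves a reflected-markup risk in the response. `$searchfield` is read from `$input->param('searchfield')` and, as far as the visible lines show, only has commas stripped. The aqbudget script in this same commit already uses `$input->redirect(...)`; doing the same here with the value URL-encoded removes the HTML context entirely: `print $input->redirect("authorised_values.pl?searchfield=".CGI::escape($searchfield));`. The `elsif` chain this branch belongs to starts outside the hunk.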
$subtotal++;
}
}
-$sth = $dbh->prepare("select kohafield from marc_subfield_structure where tagfield=$tagfield");
-$sth->execute;
+$sth = $dbh->prepare("select kohafield from marc_subfield_structure where tagfield=?");
+$sth->execute($tagfield);
while (($res2) = $sth->fetchrow) {
if (!$res2 || $res2 =~ /^items/) {
} else {
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select variable,value,explanation,type,options from systempreferences where (variable like \"$data[0]%\") order by variable";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select variable,value,explanation,type,options from systempreferences where (variable like ?) order by variable");
+ $sth->execute("$data[0]%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
my $input = new CGI;
my $searchfield=$input->param('searchfield');
-my $pkfield="variable";
-my $reqsel="select variable,value,explanation,type,options from systempreferences where $pkfield='$searchfield'";
-my $reqdel="delete from systempreferences where $pkfield='$searchfield'";
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/systempreferences.pl";
$sth->execute($input->param('variable'));
if ($sth->rows) {
unless (C4::Context->config('demo') eq 1) {
- my $query = "update systempreferences set value=?,explanation=? where variable=?";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("update systempreferences set value=?,explanation=? where variable=?");
$sth->execute($value, $input->param('explanation'), $input->param('variable'));
$sth->finish;
}
} else {
unless (C4::Context->config('demo') eq 1) {
- my $query = "insert into systempreferences (variable,value,explanation) values (?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("insert into systempreferences (variable,value,explanation) values (?,?,?)");
$sth->execute($input->param('variable'), $input->param('value'), $input->param('explanation'));
$sth->finish;
}
my $data;
if ($searchfield) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable=?");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(modify => 1);
# called by add_form, used to insert/modify data in DB
} elsif ($op eq 'add_validate') {
my $dbh = C4::Context->dbh;
- my $query="select * from systempreferences where variable=?";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("select * from systempreferences where variable=?");
$sth->execute($input->param('variable'));
if ($sth->rows) {
unless (C4::Context->config('demo') eq 1) {
- my $query = "update systempreferences set value=?,explanation=? where variable=?";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("update systempreferences set value=?,explanation=? where variable=?");
$sth->execute($input->param('value'), $input->param('explanation'), $input->param('variable'));
$sth->finish;
}
} else {
unless (C4::Context->config('demo') eq 1) {
- my $query = "insert into systempreferences (variable,value,explanation) values (?,?,?)";
- my $sth=$dbh->prepare($query);
+ my $sth=$dbh->prepare("insert into systempreferences (variable,value,explanation) values (?,?,?)");
$sth->execute($input->param('variable'), $input->param('value'), $input->param('explanation'));
$sth->finish;
}
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select variable,value,explanation,type,options from systempreferences where variable=?");
+ $sth->execute($searchfield);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(searchfield => $searchfield,
# called by delete_confirm, used to effectively confirm deletion of data in DB
} elsif ($op eq 'delete_confirmed') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from systempreferences where variable=?");
+ $sth->execute($searchfield);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################
my $offset=$input->param('offset');
my $father=$input->param('father');
-my $reqsel="select category,stdlib,freelib from bibliothesaurus where id='$id'";
+my $reqsel="";
my $reqdel="delete from bibliothesaurus where id='$id'";
my $script_name="/cgi-bin/koha/admin/thesaurus.pl";
my $dbh = C4::Context->dbh;
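Review bot: `$reqdel` on the line after the change still interpolates `$id` into `delete from bibliothesaurus where id='$id'`, while only `$reqsel` was neutralised. No `delete_confirmed` hunk for this file appears in the diff, so the delete path presumably still runs `$dbh->prepare($reqdel)` with the request parameter inside the SQL text; that should be confirmed in the full file. It should follow the pattern used for `authorised_values` in this commit: remove `$reqdel` and use `$dbh->prepare("delete from bibliothesaurus where id=?")` with `$sth->execute($id)`. `my $reqsel="";` is now a dead variable and can be deleted rather than emptied.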
my $data;
if ($id) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select id,category,freelib,stdlib from bibliothesaurus where id='$id'");
- $sth->execute;
+ my $sth=$dbh->prepare("select id,category,freelib,stdlib from bibliothesaurus where id=?");
+ $sth->execute($id);
$data=$sth->fetchrow_hashref;
$sth->finish;
} else {
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select category,stdlib,freelib from bibliothesaurus where id=?");
+ $sth->execute($id);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(search_category => $search_category,
if (@missing > 0) {
my $missing='';
- if (POSIX::setlocale(LC_ALL) != "C") {
+ if (POSIX::setlocale(LC_ALL) ne "C") {
$missing.=" export LC_ALL=C\n";
}
foreach my $module (@missing) {
$i++;
#now, parse the record, extract the item fields, and store them in somewhere else.
-# $record = MARC::File::USMARC::decode(char_decode($record->as_usmarc(),$char_encoding));
## create an empty record object to populate
my $newRecord = MARC::Record->new();
# go through each subfield code/data pair
foreach my $pair ( $oldField->subfields() ) {
- # upper case the data portion and store
- push( @newSubfields, $pair->[0], char_decode($pair->[1],$char_encoding) );
+ $pair->[1] =~ s/\<//g;
+ $pair->[1] =~ s/\>//g;
+ push( @newSubfields, $pair->[0], char_decode($pair->[1],$char_encoding) );
}
# add the new field to our new record
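Review bot: Deleting `<` and `>` from `$pair->[1]` silently alters imported bibliographic data, and it is only a partial guard if the aim is to keep markup out of records, since `&` and quotes pass through unchanged. Leaving the imported value intact and HTML-escaping it where it is displayed would be the more reliable control. If the stripping has to stay, work on a copy, `(my $value = $pair->[1]) =~ tr/<>//d;`, and pass `$value` to `char_decode`. The removed comment should also be replaced by one that states the reason, e.g. `# strip angle brackets so imported subfield data cannot carry HTML tags`. The `foreach` body is inside a loop that starts outside this hunk.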
# separate function
#
my $dbh = C4::Context->dbh;
- my $query="Select * from borrowers where borrowernumber='$borrower->{'guarantor'}'";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("Select * from borrowers where borrowernumber=?");
+ $sth->execute($borrower->{'guarantor'});
my $tdata=$sth->fetchrow_hashref;
$sth->finish;
$borrower->{'phone'}=$tdata->{'phone'};
# FIXME
# this should be a separate function
#
- $item->{'title'}=~ s/\'/\\'/g;
- my $query="Insert into accountlines
+ my $sth=$dbh->prepare("Insert into accountlines
(borrowernumber,itemnumber,accountno,date,amount,
description,accounttype,amountoutstanding) values
- ($data->[$i]->{'borrowernumber'},$data->[$i]->{'itemnumber'},
- '$accountno',now(),'$cost','Lost item $item->{'title'} $item->{'barcode'} $due','L','$cost')";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ (?,?,?,now(),?,?,'L',?)");
+ $sth->execute($data->[$i]->{'borrowernumber'},$data->[$i]->{'itemnumber'},
+ $accountno,$cost,"Lost item $item->{'title'} $item->{'barcode'} $due",$cost);
$sth->finish;
- $query="update items set itemlost=2 where itemnumber='$data->[$i]->{'itemnumber'}'";
- $sth=$dbh->prepare($query);
- $sth->execute;
+ $sth=$dbh->prepare("update items set itemlost=2 where itemnumber=?");
+ $sth->execute($data->[$i]->{'itemnumber'});
$sth->finish;
- } else { # FIXME
- # this should be deleted
- #
}
}
}