-$query = "SELECT surname, firstname, cardnumber, address, city, zipcode ".
- "FROM borrowers " .
- "WHERE surname LIKE '". $query . "%' " .
- "OR firstname LIKE '" . $query . "%' " .
- #"OR cardnumber LIKE '" . $query . "%' " .
- "ORDER BY surname, firstname ";
-my $sth = $dbh->prepare( $query );
-$sth->execute();
+my $sql = qq(SELECT surname, firstname, cardnumber, address, city, zipcode, country
+ FROM borrowers
+ WHERE surname LIKE ?
+ OR firstname LIKE ?
+ OR cardnumber LIKE ?
+ ORDER BY surname, firstname);
+my $sth = $dbh->prepare( $sql );
+$sth->execute("$query%", "$query%", "$query%");
+
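Review bot: The values bound on the `$sth->execute("$query%", "$query%", "$query%")` line still carry any `%` or `_` the user typed, since placeholders prevent SQL injection but do not neutralise LIKE metacharacters. If `$query` comes from the request (it is assigned outside this hunk), an empty or wildcard-only term matches every borrower and returns their name, address and card number. Reject an empty term and escape the metacharacters before binding, e.g. `(my $like = $query) =~ s/([\\%_])/\\$1/g;` then `$sth->execute(("$like%") x 3);`, which relies on MySQL's default backslash escape and otherwise needs an explicit `ESCAPE` clause in the statement. The new side also enables the `cardnumber LIKE ?` prefix match that was commented out before, which makes card numbers enumerable by prefix; confirm that is intended and add a comment saying so.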