sub get_itemtypeinfos_of {
my @itemtypes = @_;
- my $query = '
+ my $placeholders = join( ', ', map { '?' } @itemtypes );
+ my $query = <<"END_SQL";
SELECT itemtype,
description,
imageurl,
notforloan
FROM itemtypes
- WHERE itemtype IN (' . join( ',', map( { "'" . $_ . "'" } @itemtypes ) ) . ')
-';
+ WHERE itemtype IN ( $placeholders )
+END_SQL
- return get_infos_of( $query, 'itemtype' );
+ return get_infos_of( $query, 'itemtype', undef, \@itemtypes );
}
# this is temporary until we separate collection codes and item types
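Review bot: An empty `@itemtypes` leaves `$placeholders` as an empty string, so the query handed to `get_infos_of` ends in `WHERE itemtype IN (  )`, which most SQL engines reject as a syntax error. The old string-built query had the same gap, so this is not a regression, but the rewrite is the natural place to close it. Since the POD describes `get_infos_of` as returning a href, an early `return {} unless @itemtypes;` before building `$placeholders` would keep the return shape. It also avoids a needless round trip to the database.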
=head2 get_infos_of
-Return a href where a key is associated to a href. You give a query, the
-name of the key among the fields returned by the query. If you also give as
-third argument the name of the value, the function returns a href of scalar.
+Return a href where a key is associated to a href. You give a query,
+the name of the key among the fields returned by the query. If you
+also give as third argument the name of the value, the function
+returns a href of scalar. The optional 4th argument is an arrayref of
+items passed to the C<execute()> call. It is designed to bind
+parameters to any placeholders in your SQL.
my $query = '
SELECT itemnumber,
=cut
sub get_infos_of {
- my ( $query, $key_name, $value_name ) = @_;
+ my ( $query, $key_name, $value_name, $bind_params ) = @_;
my $dbh = C4::Context->dbh;
my $sth = $dbh->prepare($query);
- $sth->execute();
+ $sth->execute( @$bind_params );
my %infos_of;
while ( my $row = $sth->fetchrow_hashref ) {
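Review bot: `$sth->execute( @$bind_params )` dereferences `$bind_params` with no default, and every caller still using the three-argument form leaves it undef. As far as I can tell this works only because Perl autovivifies an undef scalar that is dereferenced in call-argument context, which is easy to break when the line is later refactored. An explicit default right after unpacking `@_` documents the intent: `$bind_params ||= [];`. The body of `get_infos_of` continues past the end of this hunk, so the return path was not reviewed.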
sub displayServers {
my ( $position, $type ) = @_;
- my $dbh = C4::Context->dbh;
- my $strsth = "SELECT * FROM z3950servers where 1";
- $strsth .= " AND position=\"$position\"" if ($position);
- $strsth .= " AND type=\"$type\"" if ($type);
+ my $dbh = C4::Context->dbh;
+
+ my $strsth = 'SELECT * FROM z3950servers';
+ my @where_clauses;
+ my @bind_params;
+
+ if ($position) {
+ push @bind_params, $position;
+ push @where_clauses, ' position = ? ';
+ }
+
+ if ($type) {
+ push @bind_params, $type;
+ push @where_clauses, ' type = ? ';
+ }
+
+ # reassemble where clause from where clause pieces
+ if (@where_clauses) {
+ $strsth .= ' WHERE ' . join( ' AND ', @where_clauses );
+ }
+
my $rq = $dbh->prepare($strsth);
- $rq->execute;
+ $rq->execute(@bind_params);
my @primaryserverloop;
while ( my $data = $rq->fetchrow_hashref ) {
- my %cell;
- $cell{label} = $data->{'description'};
- $cell{id} = $data->{'name'};
- $cell{value} =
- $data->{host}
- . ( $data->{port} ? ":" . $data->{port} : "" ) . "/"
- . $data->{database}
- if ( $data->{host} );
- $cell{checked} = $data->{checked};
push @primaryserverloop,
- {
- label => $data->{description},
- id => $data->{name},
- name => "server",
- value => $data->{host} . ":"
- . $data->{port} . "/"
- . $data->{database},
- encoding => ($data->{encoding}?$data->{encoding}:"iso-5426"),
- checked => "checked",
- icon => $data->{icon},
+ { label => $data->{description},
+ id => $data->{name},
+ name => "server",
+ value => $data->{host} . ":" . $data->{port} . "/" . $data->{database},
+ encoding => ( $data->{encoding} ? $data->{encoding} : "iso-5426" ),
+ checked => "checked",
+ icon => $data->{icon},
zed => $data->{type} eq 'zed',
opensearch => $data->{type} eq 'opensearch'
};
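Review bot: The guards `if ($position)` and `if ($type)` test truthiness, so a caller passing `0` or `'0'` silently gets the unfiltered server list rather than a filtered one. This carries over from the old code and is harmless if those values are never legal. Otherwise `if ( defined $position && length $position )` (and the same for `$type`) states what is meant. A one-line comment above `@where_clauses` would also pin the invariant the rewrite depends on: `# only constant SQL fragments go in @where_clauses; caller-supplied values go in @bind_params`. The `while` loop and the rest of `displayServers` continue outside this hunk.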