use CGI;
use C4::Context;
use C4::Output;
-use C4::Search;
-use HTML::Template;
+
use C4::Auth;
use C4::Interface::CGI::Output;
$searchstring=~ s/\'/\\\'/g;
my @data=split(' ',$searchstring);
my $count=@data;
- my $query="Select printername,printqueue,printtype from printers where (printername like \"$data[0]%\") order by printername";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $query="";
+ my $sth=$dbh->prepare("Select printername,printqueue,printtype from printers where (printername like ?) order by printername");
+ $sth->execute("$data[0]%");
my @results;
my $cnt=0;
while (my $data=$sth->fetchrow_hashref){
my $input = new CGI;
my $searchfield=$input->param('searchfield');
-my $pkfield="printername";
-my $reqsel="select printername,printqueue,printtype from printers where $pkfield='$searchfield'";
-my $reqdel="delete from printers where $pkfield='$searchfield'";
+my $pkfield="";
+my $reqsel="";
+my $reqdel="";
#my $branchcode=$input->param('branchcode');
my $offset=$input->param('offset');
my $script_name="/cgi-bin/koha/admin/printers.pl";
$searchfield=~ s/\,//g;
my ($template, $loggedinuser, $cookie)
- = get_template_and_user({template_name => "parameters/printers.tmpl",
+ = get_template_and_user({template_name => "admin/printers.tmpl",
query => $input,
type => "intranet",
authnotrequired => 0,
my $data;
if ($searchfield) {
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername='$searchfield'");
- $sth->execute;
+ my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=?");
+ $sth->execute($searchfield);
$data=$sth->fetchrow_hashref;
$sth->finish;
}
} elsif ($op eq 'add_validate') {
$template->param(add_validate => 1);
my $dbh = C4::Context->dbh;
- my $query = "replace printers (printername,printqueue,printtype) values (";
- $query.= $dbh->quote($input->param('printername')).",";
- $query.= $dbh->quote($input->param('printqueue')).",";
- $query.= $dbh->quote($input->param('printtype')).")";
- my $sth=$dbh->prepare($query);
- $sth->execute;
+ my $sth=$dbh->prepare("replace printers (printername,printqueue,printtype) values (?,?,?)");
+ $sth->execute($input->param('printername'),$input->param('printqueue'),$input->param('printtype'));
$sth->finish;
# END $OP eq ADD_VALIDATE
################## DELETE_CONFIRM ##################################
} elsif ($op eq 'delete_confirm') {
$template->param(delete_confirm => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqsel);
- $sth->execute;
+ my $sth=$dbh->prepare("select printername,printqueue,printtype from printers where printername=?");
+ $sth->execute($searchfield);
my $data=$sth->fetchrow_hashref;
$sth->finish;
$template->param(printqueue => $data->{'printqueue'},
$template->param(delete_confirmed => 1);
my $dbh = C4::Context->dbh;
- my $sth=$dbh->prepare($reqdel);
- $sth->execute;
+ my $sth=$dbh->prepare("delete from printers where printername=?");
+ $sth->execute($searchfield);
$sth->finish;
# END $OP eq DELETE_CONFIRMED
################## DEFAULT ##################################
}
} #---- END $OP eq DEFAULT
-
+$template->param(intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
+ intranetstylesheet => C4::Context->preference("intranetstylesheet"),
+ IntranetNav => C4::Context->preference("IntranetNav"),
+ );
output_html_with_http_headers $input, $cookie, $template->output;