use C4::Output;
use CGI;
use HTML::Template;
+use C4::Auth;
my $input = new CGI;
my $type=$input->param('type');
my $theme = $input->param('theme'); # only used if allowthemeoverride is set
-my %tmpldata = pathtotemplate ( template => 'overdue.tmpl', theme => $theme);
-my $template = HTML::Template->new( filename => $tmpldata{'path'},
- die_on_bad_params => 0);
+
+my ($template, $loggedinuser, $cookie)
+ = get_template_and_user({template_name => "overdue.tmpl",
+ query => $input,
+ type => "intranet",
+ authnotrequired => 0,
+ flagsrequired => {borrowers => 1},
+ debug => 1,
+ });
my $duedate;
my $bornum;
my $itemnum;
my $dbh = C4::Context->dbh;
-my $query="select date_due,borrowernumber,itemnumber from issues where isnull(returndate) && date_due<'$todaysdate' order by date_due,borrowernumber";
-my $sth=$dbh->prepare($query);
-$sth->execute;
+my $sth=$dbh->prepare("select date_due,borrowernumber,itemnumber from issues where isnull(returndate) && date_due<? order by date_due,borrowernumber");
+$sth->execute($todaysdate);
my @overduedata;
while (my $data=$sth->fetchrow_hashref) {
$bornum=$data->{'borrowernumber'};
$itemnum=$data->{'itemnumber'};
- my $query="select concat(firstname,' ',surname),phone,emailaddress from borrowers where borrowernumber='$bornum'";
- my $sth1=$dbh->prepare($query);
- $sth1->execute;
+ my $sth1=$dbh->prepare("select concat(firstname,' ',surname),phone,emailaddress from borrowers where borrowernumber=?");
+ $sth1->execute($bornum);
$data1=$sth1->fetchrow_hashref;
$name=$data1->{'concat(firstname,\' \',surname)'};
$phone=$data1->{'phone'};
$email=$data1->{'emailaddress'};
$sth1->finish;
- # FIXME - There's already a $query in this scope.
- my $query="select biblionumber from items where itemnumber='$itemnum'";
- my $sth2=$dbh->prepare($query);
- $sth2->execute;
+ my $sth2=$dbh->prepare("select biblionumber from items where itemnumber=?");
+ $sth2->execute($itemnum);
$data2=$sth2->fetchrow_hashref;
$biblionumber=$data2->{'biblionumber'};
$sth2->finish;
- # FIXME - There's already a $query in this scope.
- my $query="select title,author from biblio where biblionumber='$biblionumber'";
- my $sth3=$dbh->prepare($query);
- $sth3->execute;
+ my $sth3=$dbh->prepare("select title,author from biblio where biblionumber=?");
+ $sth3->execute($biblionumber);
$data3=$sth3->fetchrow_hashref;
$title=$data3->{'title'};
$author=$data3->{'author'};
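Review bot: The three added `prepare` calls for the borrowers, items and biblio lookups sit inside the `while` loop, so every overdue row re-prepares the same three statements. Now that the queries use placeholders the handles are reusable: hoist the `$dbh->prepare(...)` for `$sth1`, `$sth2` and `$sth3` above `while (my $data=$sth->fetchrow_hashref) {` and keep only `$sth1->execute($bornum);`, `$sth2->execute($itemnum);` and `$sth3->execute($biblionumber);` inside it. Separately, `$theme` is still read from the request, but its only visible consumer, the `pathtotemplate` call, is removed here, so that line and its comment look dead. The loop body continues past the visible lines, so whether `$sth3->finish` is called cannot be checked from here.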
$sth->finish;
-$template->param( startmenureport => join ('', startmenu('report')),
- endmenureport => join ('', endmenu('report')),
- todaysdate => $todaysdate,
+$template->param( todaysdate => $todaysdate,
overdueloop => \@overduedata );
print "Content-Type: text/html\n\n", $template->output;
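Review bot: The `$cookie` returned by the new `get_template_and_user` call is never sent, because the unchanged `print "Content-Type: text/html\n\n", $template->output;` on the last line writes the response header by hand. If C4::Auth relies on that cookie to carry the session (presumably it does, since it is returned alongside the template), the user will likely be asked to authenticate again on the next request. Emit the header through CGI instead, e.g. `print $input->header(-type => 'text/html', -cookie => $cookie), $template->output;`. `$loggedinuser` is likewise unused in the visible lines.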