X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=C4%2FMaintainance.pm;h=b8a23c8c3d4f6685ea1d33b0b39e6d78f17d8ccd;hb=3de59aba2776184a6fd2e9943d86a7c66e8f7648;hp=965db6726254e232705a61b0ca8cafa7b1bcf7f7;hpb=eff606ba56974255deb5a6f97605005d2c2ff9c6;p=koha_gimpoz

diff --git a/C4/Maintainance.pm b/C4/Maintainance.pm
index 965db67262..b8a23c8c3d 100644
--- a/C4/Maintainance.pm
+++ b/C4/Maintainance.pm
@@ -51,8 +51,8 @@ miscategorized items, etc.
 =cut
 
 @ISA = qw(Exporter);
-@EXPORT = qw(&listsubjects &updatesub &shiftgroup &deletedbib &undeletebib
-&updatetype);
+@EXPORT = qw(&listsubjects &shiftgroup &deletedbib &undeletebib
+&updatetype &logaction);
 
 =item listsubjects
 
@@ -79,15 +79,17 @@ C<$n> is 0, it will return all matching subjects.
 sub listsubjects {
   my ($sub,$num,$offset)=@_;
   my $dbh = C4::Context->dbh;
-  my $query="Select * from bibliosubject where subject like '$sub%' group by subject";
+  my $query="Select * from bibliosubject where subject like ? group by subject";
+  my @bind = ("$sub%");
   # FIXME - Make $num and $offset optional.
   # If $num was given, make sure $offset was, too.
   if ($num != 0){
-    $query.=" limit $offset,$num";
+    $query.=" limit ?,?";
+    push(@bind,$offset,$num);
   }
   my $sth=$dbh->prepare($query);
 #  print $query;
-  $sth->execute;
+  $sth->execute(@bind);
   my @results;
   my $i=0;
   while (my $data=$sth->fetchrow_hashref){
@@ -98,27 +100,6 @@ sub listsubjects {
   return($i,\@results);
 }
 
-=item updatesub
-
-  &updatesub($newsubject, $oldsubject);
-
-Renames a subject from C<$oldsubject> to C<$newsubject> in the
-bibliosubject table of the Koha database.
-
-=cut
-#'
-sub updatesub{
-  my ($sub,$oldsub)=@_;
-  my $dbh = C4::Context->dbh;
-  $sub=$dbh->quote($sub);
-  $oldsub=$dbh->quote($oldsub);
-  # FIXME - Just use $dbh->do();
-  my $query="update bibliosubject set subject=$sub where subject=$oldsub";
-  my $sth=$dbh->prepare($query);
-  $sth->execute;
-  $sth->finish;
-}
-
 =item shiftgroup
 
   &shiftgroup($biblionumber, $biblioitemnumber);
@@ -130,17 +111,13 @@ C<$biblionumber> is the biblionumber to associate it with.
 =cut
 #'
 sub shiftgroup{
-  my ($bib,$bi)=@_;
+  my ($biblionumber,$bi)=@_;
   my $dbh = C4::Context->dbh;
-  # FIXME - Just use $dbh->do();
-  my $query="update biblioitems set biblionumber=$bib where biblioitemnumber=$bi";
-  my $sth=$dbh->prepare($query);
-  $sth->execute;
+  my $sth=$dbh->prepare("update biblioitems set biblionumber=? where biblioitemnumber=?");
+  $sth->execute($biblionumber,$bi);
   $sth->finish;
-  # FIXME - Just use $dbh->do();
-  $query="update items set biblionumber=$bib where biblioitemnumber=$bi";
-  $sth=$dbh->prepare($query);
-  $sth->execute;
+  $sth=$dbh->prepare("update items set biblionumber=? where biblioitemnumber=?");
+  $sth->execute($biblionumber,$bi);
   $sth->finish;
 }
 
@@ -160,9 +137,8 @@ is the number of elements in C<$results>.
 sub deletedbib{
   my ($title)=@_;
   my $dbh = C4::Context->dbh;
-  my $query="Select * from deletedbiblio where title like '$title%' order by title";
-  my $sth=$dbh->prepare($query);
-  $sth->execute;
+  my $sth=$dbh->prepare("Select * from deletedbiblio where title like ? order by title");
+  $sth->execute("$title%");
   my @results;
   my $i=0;
   while (my $data=$sth->fetchrow_hashref){
@@ -184,29 +160,25 @@ moves its entry to the biblio table.
 =cut
 #'
 sub undeletebib{
-  my ($bib)=@_;
+  my ($biblionumber)=@_;
   my $dbh = C4::Context->dbh;
-  my $query="select * from deletedbiblio where biblionumber=$bib";
-  my $sth=$dbh->prepare($query);
-  $sth->execute;
+  my $sth=$dbh->prepare("select * from deletedbiblio where biblionumber=?");
+  $sth->execute($biblionumber);
   if (my @data=$sth->fetchrow_array){
     $sth->finish;
     # FIXME - Doesn't this keep the same biblionumber? Isn't this
     # forbidden by the definition of 'biblio'? Or doesn't it matter?
-    $query="Insert into biblio values (";
-    foreach my $temp (@data){
-      $temp=~ s/\'/\\\'/g;
-      $query .= "'$temp',";
-    }
+    my $query="INSERT INTO biblio VALUES (";
+   my $count = @data;
+    $query .= ("?," x $count);
     $query=~ s/\,$/\)/;
     #   print $query;
     $sth=$dbh->prepare($query);
-    $sth->execute;
+    $sth->execute(@data);
     $sth->finish;
   }
-  $query="Delete from deletedbiblio where biblionumber=$bib";
-  $sth=$dbh->prepare($query);
-  $sth->execute;
+  $sth=$dbh->prepare("DELETE FROM deletedbiblio WHERE biblionumber=?");
+  $sth->execute($biblionumber);
   $sth->finish;
 }
 
@@ -222,9 +194,8 @@ C<$itemtype>.
 sub updatetype{
   my ($bi,$type)=@_;
   my $dbh = C4::Context->dbh;
-  # FIXME - Use $dbh->do(...);
-  my $sth=$dbh->prepare("Update biblioitems set itemtype='$type' where biblioitemnumber=$bi");
-  $sth->execute;
+  my $sth=$dbh->prepare("Update biblioitems set itemtype=? where biblioitemnumber=?");
+  $sth->execute($type,$bi);
   $sth->finish;
 }