sub updatesub{
my ($sub,$oldsub)=@_;
my $dbh=C4Connect;
- my $query="update bibliosubject set subject='$sub' where subject='$oldsub'";
+ $sub=$dbh->quote($sub);
+ $oldsub=$dbh->quote($oldsub);
+ my $query="update bibliosubject set subject=$sub where subject=$oldsub";
my $sth=$dbh->prepare($query);
$sth->execute;
$sth->finish;
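Review bot: The added `$dbh->quote` calls overwrite `$sub` and `$oldsub` with their SQL-quoted forms, so any later use of those variables in updatesub would carry the extra quotes and escapes; the sub's body continues outside the hunk, so this cannot be ruled out from here. Bind placeholders avoid both the mutation and the string-built statement: `my $sth=$dbh->prepare("update bibliosubject set subject=? where subject=?");` followed by `$sth->execute($sub,$oldsub);`. The results of `prepare` and `execute` are also unchecked, so a failed update passes silently unless the handle was opened with RaiseError, which is not visible here.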
for (my $i=0;$i<$count;$i++){
my $sub2=$results->[$i]->{'subject'};
$sub2=~ s/ /%20/g;
+ $sub2=~ s/\'/%27/g;
print "\"<a href=\"/cgi-bin/koha/maint/catmaintain.pl?type=allsub&sub=$sub\" onclick=\'messenger(\"/cgi-bin/koha/maint/catmaintain.pl?type=modsub&sub=$sub2\");window1.focus()\'>$results->[$i]->{'subject'}\"</a><br>\n";
}
} elsif ($type eq 'modsub'){
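Review bot: The added `s/\'/%27/g` encodes only the apostrophe, so a subject containing `"`, `&`, `#`, `<` or `%` still reaches the `onclick` URL raw and can end the attribute or split the query string. A general percent-encoding handles every such character in one step and replaces both substitutions: `$sub2=~ s/([^A-Za-z0-9\-_.~])/sprintf("%%%02X",ord($1))/ge;`. On the same print line, `&sub=$sub` in the href and the link text `$results->[$i]->{'subject'}` are emitted with no encoding at all. The href probably wants `$sub2` and the link text needs HTML-escaping, but `$sub` is assigned outside the hunk, so that part is an inference. The loop sits inside a branch that opens before the hunk.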
print "<form action=/cgi-bin/koha/search.pl method=post>";
print "<input type=hidden name=type value=catmain>";
print "Show all Titles beginning with <input type=text name=title><br>";
+ print "Item Number <INPUT TYPE=\"text\" SIZE=\"25\" NAME=\"item\"><br>";
print "<input type=submit value=Show>";
print "</form>";
print "<p>";