renewbook is used by renewscript.pl

Making sure characters are escaped in the database insert

diff --git a/C4/Circulation/Renewals2.pm b/C4/Circulation/Renewals2.pm
index be3393c..702d50b 100755 (executable)
--- a/C4/Circulation/Renewals2.pm
+++ b/C4/Circulation/Renewals2.pm
@@ -224,9 +224,10 @@ sub renewbook {
     my $account="Insert into accountlines
     (borrowernumber,accountno,date,amount,description,accounttype,amountoutstanding,itemnumber)
     values
-    ('$bornum','$accountno',now(),$charge,'Renewal of Rental Item $item->{'title'} $item->{'barcode'}','Rent',$charge,'$itemno')";
+    (?,?,now(),?,?,?,?,?)";
     $sth=$dbh->prepare($account);
-    $sth->execute;
+    $sth->execute($bornum,$accountno,$charge,"Renewal of Rental Item $item->{'title'} $item->{'barcode'}",
+    'Rent',$charge,$itemno)";
     $sth->finish;
 #     print $account;
   }