bugfix : use of '$var' instead of ? in sql statement
authortipaul <tipaul>
Sat, 25 Oct 2003 08:50:39 +0000 (08:50 +0000)
committertipaul <tipaul>
Sat, 25 Oct 2003 08:50:39 +0000 (08:50 +0000)
value_builder/unimarc_field_700_701_702.pl

index d0009ce..dd899d0 100644 (file)
@@ -121,8 +121,8 @@ sub plugin {
        }
        if ($search_string) {
        #       my $sti=$dbh->prepare("select id,freelib from bibliothesaurus where freelib like '".$search_string."%' and category ='$category'");
-               my $sti=$dbh->prepare("select id,freelib from bibliothesaurus where match (category,freelib) AGAINST ('$search_string') and category ='NP'");
-               $sti->execute;
+               my $sti=$dbh->prepare("select id,freelib from bibliothesaurus where match (category,freelib) AGAINST (?) and category ='NP'");
+               $sti->execute($search_string);
                while (my $line=$sti->fetchrow_hashref) {
                        $stdlib{$line->{'id'}} = "$line->{'freelib'}";
                        push(@freelib,$line->{'id'});
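Review bot: The commented-out query left directly above the new `prepare` still concatenates `$search_string` and `$category` into the SQL text, so the interpolated form this commit removes stays in the file, ready to be uncommented or copied. Either delete that comment line or rewrite it in bound form, e.g. `# select id,freelib from bibliothesaurus where freelib like ? and category = ?` with `execute($search_string.'%', $category)`. Separately, the return value of `$sti->execute($search_string)` is not checked in the hunk. Unless the handle was created with `RaiseError` (not visible here), a failed full-text query would look like an empty result set, so `$sti->execute($search_string) or warn $sti->errstr;` would make that failure visible. The body of `plugin` and the enclosing `if` block both continue outside the hunk.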