[Koha-patches] [PATCH] Bug 9454 Use placeholders when adding basket

[Colin Campbell]

Should always use placeholders when passing variables
to DBI avoids unforeseen bugs and security issues
reformated the long lists of parameters to add CR
moved the setting of defaults out of the call to ModBasket to
clarify code
Setting parameters to undef if they were not defined
was unnecessary bloat and obscuration
---
 C4/Acquisition.pm | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/C4/Acquisition.pm b/C4/Acquisition.pm
index 4a03e2c..26cf796 100644
--- a/C4/Acquisition.pm
+++ b/C4/Acquisition.pm
@@ -190,18 +190,21 @@ The other parameters are optional, see ModBasketHeader 
for more info on them.
 =cut
 
 sub NewBasket {
-    my ( $booksellerid, $authorisedby, $basketname, $basketnote, 
$basketbooksellernote, $basketcontractnumber, $deliveryplace, $billingplace ) = 
@_;
+    my ( $booksellerid, $authorisedby, $basketname, $basketnote,
+        $basketbooksellernote, $basketcontractnumber, $deliveryplace,
+        $billingplace ) = @_;
     my $dbh = C4::Context->dbh;
-    my $query = "
-        INSERT INTO aqbasket
-                (creationdate,booksellerid,authorisedby)
-        VALUES  (now(),'$booksellerid','$authorisedby')
-    ";
-    my $sth =
-    $dbh->do($query);
-#find & return basketno MYSQL dependant, but $dbh->last_insert_id always 
returns null :-(
-    my $basket = $dbh->{'mysql_insertid'};
-    ModBasketHeader($basket, $basketname || '', $basketnote || '', 
$basketbooksellernote || '', $basketcontractnumber || undef, $booksellerid, 
$deliveryplace || undef, $billingplace || undef );
+    my $query =
+        'INSERT INTO aqbasket (creationdate,booksellerid,authorisedby) '
+      . 'VALUES  (now(),?,?)';
+    $dbh->do( $query, {}, $booksellerid, $authorisedby );
+
+    my $basket = $dbh->{mysql_insertid};
+    $basketname           ||= q{}; # default to empty strings
+    $basketnote           ||= q{};
+    $basketbooksellernote ||= q{};
+    ModBasketHeader( $basket, $basketname, $basketnote, $basketbooksellernote,
+        $basketcontractnumber, $booksellerid, $deliveryplace, $billingplace );
     return $basket;
 }
 
-- 
1.8.1.1.347.g9591fcc

_______________________________________________
Koha-patches mailing list
Koha-patches@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-patches
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/