[Koha-devel] Re: [Koha] Some question: postgres, italian, ...
From: Alan Millar
Subject: [Koha-devel] Re: [Koha] Some question: postgres, italian, ...
Date: Wed Jul 3 12:12:28 2002
User-agent: Mutt/1.2.5i

This conversation came up on the main Koha list:
> From: Marco Gaiarin <address@hidden>
> > Having said that, I'm sure some mysqlisms have crept into the code over
> > the last 2-3 years. So I'm sure a little bit of code cleanup will be
> > needed as well.
>
> As I suppose, I've found a bunch of these, e.g., in
>
> --- ./cgi-bin/admin/currency.pl~ Mon Jul 1 16:59:55 2002
> +++ ./cgi-bin/admin/currency.pl Mon Jul 1 17:09:37 2002
> @@ -31,7 +31,7 @@
> $searchstring=~ s/\'/\\\'/g;
> my @data=split(' ',$searchstring);
> my address@hidden;
> - my $query="Select currency,rate from currency where (currency like
> \"$data[0]%\") order by currency";
> + my $query="Select currency,rate from currency where (currency like
> '$data[0]%') order by currency";
> my $sth=$dbh->prepare($query);
> $sth->execute;
> my @results;
>
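
Review bot: the changed line still interpolates $data[0] straight into the SQL string literal, and the only protection is the s/\'/\\\'/g substitution in the first context line, which handles apostrophes only and leaves backslashes in the input untouched. Suggest replacing the literal with a ? placeholder and passing $data[0] . '%' to $sth->execute, which also removes the dependence on which quote character each database accepts.
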
> Postgres uses " for strict escape (inside "", % is a normal character),
> and ' for normal character enclosing (so inside '' % is a wildcard
> matching char as supposed).
> Clearly all files have to be changed, and it needs to be verified that
> there's no ' character in strings, really common in Italian.

In my opinion, this is another very good reason to use the DBI bound
parameters and stop using $dbh->quote.

This should really be done as:

    my $query="Select currency,rate from currency
               where (currency like ?)
               order by currency";
    my $sth=$dbh->prepare($query);
    $sth->execute($data[0] . '%');

or similar. Then we don't have to worry about Italian using apostrophes, etc.

- Alan
----
Alan Millar --==> address@hidden <==--
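
The bound-parameter prefix search suggested in the message above, as an added example that is not part of the original post or of Koha's code. It goes one step further than the message: a bound value is safe as SQL, but any % or _ typed by the user still acts as a LIKE wildcard, so the example escapes them. It assumes DBD::SQLite is installed; the like_prefix and search_currency helpers, the '!' escape character and the table rows are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: currency prefix search using DBI placeholders.
# Assumption: DBD::SQLite is available; any DBI driver would work the same way.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data: one name with an apostrophe, one with a literal %.
$dbh->do('CREATE TABLE currency (currency TEXT PRIMARY KEY, rate REAL)');
my $ins = $dbh->prepare('INSERT INTO currency (currency, rate) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ "d'Oro",    2.5 ],
    [ '100%Test', 1.0 ],
    [ 'Dollar',   1.0 ],
);

# Hypothetical helper: make user input match literally inside a LIKE pattern.
# '!' is used as the escape character because, unlike a backslash, it has no
# special meaning inside string literals on any common database.
sub like_prefix {
    my ($term) = @_;
    $term =~ s/([!%_])/!$1/g;
    return $term . '%';
}

# Hypothetical helper: the query text is constant; user input only ever
# travels as a bound value, so no quoting or escaping of ' is needed.
sub search_currency {
    my ($dbh, $prefix) = @_;
    my $sth = $dbh->prepare(
        q{SELECT currency, rate FROM currency
          WHERE currency LIKE ? ESCAPE '!'
          ORDER BY currency});
    $sth->execute(like_prefix($prefix));
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# An apostrophe, a literal percent sign, and a bare wildcard as search terms.
for my $term ("d'", '100%', '%') {
    my $hits = search_currency($dbh, $term);
    printf "%-5s => %s\n", $term, join(', ', @$hits) || '(none)';
}
```

Without the like_prefix step the query is still injection-safe, but a search term of % would return every row in the table.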