Revision 93a4e424
Von Moritz Bunkus vor mehr als 17 Jahren hinzugefügt
| SL/DBUtils.pm | ||
|---|---|---|
| 4 | 4 |
@ISA = qw(Exporter); |
| 5 | 5 |
|
| 6 | 6 |
@EXPORT = qw(conv_i conv_date conv_dateq do_query selectrow_query do_statement |
| 7 |
dump_query quote_db_date selectall_hashref_query |
|
| 8 |
selectfirst_hashref_query selectfirst_array_query |
|
| 9 |
prepare_execute_query); |
|
| 7 |
dump_query quote_db_date |
|
| 8 |
selectfirst_hashref_query selectfirst_array_query |
|
| 9 |
selectall_hashref_query selectall_array_query |
|
| 10 |
prepare_execute_query prepare_query); |
|
| 10 | 11 |
|
| 11 | 12 |
sub conv_i {
|
| 12 | 13 |
my ($value, $default) = @_; |
| ... | ... | |
| 82 | 83 |
return "'$str'"; |
| 83 | 84 |
} |
| 84 | 85 |
|
| 86 |
sub prepare_query {
|
|
| 87 |
my ($form, $dbh, $query) = splice(@_, 0, 3); |
|
| 88 |
|
|
| 89 |
dump_query(LXDebug::QUERY, '', $query, @_); |
|
| 90 |
|
|
| 91 |
my $sth = $dbh->prepare($query) || $form->dberror($query); |
|
| 92 |
return $sth; |
|
| 93 |
} |
|
| 94 |
|
|
| 85 | 95 |
sub prepare_execute_query {
|
| 86 | 96 |
my ($form, $dbh, $query) = splice(@_, 0, 3); |
| 87 | 97 |
|
| ... | ... | |
| 110 | 120 |
return $result; |
| 111 | 121 |
} |
| 112 | 122 |
|
| 123 |
sub selectall_array_query {
|
|
| 124 |
my ($form, $dbh, $query) = splice(@_, 0, 3); |
|
| 125 |
|
|
| 126 |
my $sth = prepare_execute_query($form, $dbh, $query, @_); |
|
| 127 |
my @result; |
|
| 128 |
while (my ($value) = $sth->fetchrow_array()) {
|
|
| 129 |
push(@result, $value); |
|
| 130 |
} |
|
| 131 |
$sth->finish(); |
|
| 132 |
|
|
| 133 |
return @result; |
|
| 134 |
} |
|
| 135 |
|
|
| 113 | 136 |
sub selectfirst_hashref_query {
|
| 114 | 137 |
my ($form, $dbh, $query) = splice(@_, 0, 3); |
| 115 | 138 |
|
Auch abrufbar als: Unified diff
CT.pm auf die Verwendung von parametrisierten Queries zur Vermeidung von SQL injection umgestellt. Dabei Restfunktionalität von customertax und vendortax entfernt. Mehr Datenbankhilfsfunktionen hinzugefügt.