Revision b96aeec0
Von Bernd Bleßmann vor fast 8 Jahren hinzugefügt
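--- a/bin/mozilla/am.pl
+++ b/bin/mozilla/am.pl
@@ -1251,11 +1251,18 @@
 $restriction .= qq| AND employee_id = (SELECT id FROM employee WHERE name ILIKE | . $dbh->quote('%' . $form->{mitarbeiter} . '%') . qq|)|;
 }
 
-my $query = qq|SELECT trans_id AS id FROM history_erp | .
-( $form->{'searchid'} ? qq| WHERE snumbers = '| . $searchNo{$form->{'what2search'}} . qq|_| . $form->{'searchid'} . qq|'|
-: qq| WHERE snumbers ~ '^| . $searchNo{$form->{'what2search'}} . qq|'|);
+my $snumbers_where = '';
+my $snumbers_value;
+if ($form->{'searchid'}) {
+$snumbers_where = ' WHERE snumbers = ?';
+$snumbers_value = $searchNo{$form->{'what2search'}} . '_' . $form->{'searchid'};
+} else {
+$snumbers_where = ' WHERE snumbers ~ ?';
+$snumbers_value = '^' . $searchNo{$form->{'what2search'}};
+}
+my $query = qq|SELECT trans_id AS id FROM history_erp $snumbers_where|;
 
-my @ids = grep { $_ * 1 } selectall_array_query($form, $dbh, $query);
+my @ids = grep { $_ * 1 } selectall_array_query($form, $dbh, $query, $snumbers_value);
 
 my $daten .= shift @ids;
 if (scalar(@ids) > 0 ) {
 $daten .= ' OR trans_id IN (' . join(',', @ids) . ')';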
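Review bot: The lookup `$searchNo{$form->{'what2search'}}` on new lines 1258 and 1261 is used without checking that the key exists, so an unexpected `what2search` yields undef and the else branch binds the bare pattern `'^'`, which matches every row of history_erp. %searchNo is defined outside this hunk, so this is inferred; if it is a fixed map, guard with `exists $searchNo{ $form->{'what2search'} }` and stop with an error before the query is built. Binding the value closes the injection through `searchid`, but the `~` branch still interprets the bound string as a regular expression, so that prefix must remain server-defined and never come from the request. The `trans_id IN (...)` list on line 1268 is still concatenated and relies on `grep { $_ * 1 }`, which passes any string with a non-zero numeric prefix; placeholders there would remove that dependency on the column type. The enclosing sub starts and ends outside the hunk.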
Historien Suchmaschine: SQL-Injektion verhindern.