Revision ef17e41a
Von Moritz Bunkus vor fast 18 Jahren hinzugefügt
| SL/IS.pm | ||
|---|---|---|
| 711 | 711 |
$sth->execute || $form->dberror($query); |
| 712 | 712 |
|
| 713 | 713 |
if ($sth->fetchrow_array) {
|
| 714 |
$form->update_balance($dbh, "parts", "onhand", |
|
| 715 |
qq|id = $form->{"id_$i"}|,
|
|
| 716 |
$baseqty * -1) |
|
| 714 |
$form->update_balance($dbh, "parts", "onhand", qq|id = ?|, |
|
| 715 |
$baseqty * -1, $form->{"id_$i"})
|
|
| 717 | 716 |
unless $form->{shipped};
|
| 718 | 717 |
} |
| 719 | 718 |
$sth->finish; |
| ... | ... | |
| 721 | 720 |
# record assembly item as allocated |
| 722 | 721 |
&process_assembly($dbh, $form, $form->{"id_$i"}, $baseqty);
|
| 723 | 722 |
} else {
|
| 724 |
$form->update_balance($dbh, "parts", "onhand", |
|
| 725 |
qq|id = $form->{"id_$i"}|,
|
|
| 726 |
$baseqty * -1) |
|
| 723 |
$form->update_balance($dbh, "parts", "onhand", qq|id = ?|, |
|
| 724 |
$baseqty * -1, $form->{"id_$i"})
|
|
| 727 | 725 |
unless $form->{shipped};
|
| 728 | 726 |
|
| 729 | 727 |
$allocated = &cogs($dbh, $form, $form->{"id_$i"}, $baseqty, $basefactor, $i);
|
Auch abrufbar als: Unified diff
Umstellung der Form.pm auf die Verwendung parametrisierter Queries zur Vermeidung von SQL injection. Zusätzlich etwas Kosmetik (trailing whitespace, TABs entfernt).