[Koha-devel] Re: [Koha] Some question: postgres, italian, ...


From: Alan Millar
Subject: [Koha-devel] Re: [Koha] Some question: postgres, italian, ...
Date: Wed Jul 3 12:12:28 2002
User-agent: Mutt/1.2.5i

This conversation came up on the main Koha list:

> From: Marco Gaiarin <address@hidden>

> > Having said that, I'm sure some mysqlisms have crept into the code over
> > the last 2-3 years. So I'm sure a little bit of code cleanup will be
> > needed as well.
> 
> As I suppose, I've found a bunch of this, e.g., in 
> 
> --- ./cgi-bin/admin/currency.pl~      Mon Jul  1 16:59:55 2002
> +++ ./cgi-bin/admin/currency.pl       Mon Jul  1 17:09:37 2002
> @@ -31,7 +31,7 @@
>       $searchstring=~ s/\'/\\\'/g;
>       my @data=split(' ',$searchstring);
>       my address@hidden;
> -     my $query="Select currency,rate from currency where (currency like 
> \"$data[0]%\") order by currency";
> +     my $query="Select currency,rate from currency where (currency like 
> '$data[0]%') order by currency";
>       my $sth=$dbh->prepare($query);
>       $sth->execute;
>       my @results;
> 
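Review bot: The replacement `$query` line still interpolates `$data[0]` into the SQL text, so the statement is only as safe as the `s/\'/\\\'/g` substitution at the top of the hunk. That substitution escapes apostrophes with a backslash, which is not the standard SQL form (a doubled `''`) and is not interpreted the same way by every database, and it leaves backslashes and the `%` and `_` wildcards in the input untouched. Rather than changing the delimiter file by file, bind the value: write `like ?` in the query and pass `$data[0] . '%'` to `$sth->execute`, which removes the dependence on both the quote style and the hand-written escaping.
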
> Postgres uses " for strict escape (inside "", % is a normal character),
> and ' for normal character enclosing (so inside '' % is a wildcard
> matching char as supposed).
> Clearly all files have to be changed, and need to be verified there's no
> ' character in strings, really common in Italian.

In my opinion, this is another very good reason to use the DBI bound
parameters and stop using $dbh->quote.

This should really be done as:

  my $query="Select currency,rate from currency 
      where (currency like ?) 
      order by currency";
  my $sth=$dbh->prepare($query);
  $sth->execute($data[0] . '%');

or similar.  Then we don't have to worry about Italian using apostrophes, etc.

- Alan

----
Alan Millar     --==> address@hidden <==--
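
The bound-parameter search suggested in the message above, as an added example that is not part of the original post or Koha's code. It goes one step further than the message by also escaping the LIKE wildcards in the user's input. Assumptions: DBD::SQLite is installed and stands in for the real back end, the rows are constructed, and the helper name `currencies_starting_with` and the `!` escape character are hypothetical choices.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database stands in for MySQL/PostgreSQL.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample rows, not Koha data.
$dbh->do('CREATE TABLE currency (currency TEXT PRIMARY KEY, rate REAL)');
my $ins = $dbh->prepare('INSERT INTO currency (currency, rate) VALUES (?, ?)');
$ins->execute(@$_)
    for (["L'Euro", 1.0], ['Lira', 0.0005], ['100%_test', 2.0], ['100 other', 3.0]);

# Hypothetical helper: prefix search with the value bound, never interpolated.
sub currencies_starting_with {
    my ($dbh, $prefix) = @_;

    # Escape the LIKE metacharacters so the input only matches literally.
    # '!' is used as the escape character because a backslash inside a
    # string literal is not treated the same way by every database.
    (my $pattern = $prefix) =~ s/([!%_])/!$1/g;

    my $sth = $dbh->prepare(q{
        SELECT currency, rate FROM currency
        WHERE currency LIKE ? ESCAPE '!'
        ORDER BY currency
    });
    $sth->execute($pattern . '%');    # the driver handles all quoting
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Inputs containing an apostrophe and a literal percent sign.
for my $input ("L'", '100%') {
    my $found = currencies_starting_with($dbh, $input);
    printf "%-6s => %s\n", $input, join(', ', @$found);
}

# For contrast: the interpolated form fails on the apostrophe input.
my $input = "L'";
my $ok = eval {
    $dbh->selectall_arrayref(
        "SELECT currency FROM currency WHERE currency LIKE '$input%'");
    1;
};
print "interpolated query failed: $@" unless $ok;
```

With the wildcard escaping in place, the `100%` input matches only the row that really starts with `100%`, not every row starting with `100`.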


