Ignore:
Timestamp:
09/23/10 20:47:50 (14 years ago)
Author:
Kris Deugau
Message:

/branches/htmlform

Fix allocation update execution to use DBI ? substitutions. See #34.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/htmlform/cgi-bin/main.cgi

    r479 r492  
    10701070    my $sql;
    10711071    if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
    1072       $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
    1073         "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
     1072      $sql = "UPDATE poolips SET custid='$webvar{custid}',".
     1073        "city=?,description=?,notes=?,".
     1074        "circuitid='$webvar{circid}',".
    10741075        "$privdata where ip='$webvar{block}'";
    10751076    } else {
    1076       $sql = "update allocations set custid='$webvar{custid}',".
    1077         "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
    1078         "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata,".
     1077      $sql = "UPDATE allocations SET custid='$webvar{custid}',".
     1078        "city=?,description=?,notes=?,".
     1079        "circuitid='$webvar{circid}'$privdata,".
     1080        "type='$webvar{alloctype}',".
    10791081        "swip='".($webvar{swip} eq 'on' ? 'y' : 'n')."' ".
    10801082        "where cidr='$webvar{block}'";
     
    10831085    syslog "debug", $sql;
    10841086    $sth = $ip_dbh->prepare($sql);
    1085     $sth->execute;
     1087    $sth->execute($webvar{city}, $webvar{desc}, $webvar{notes});
    10861088## node hack
    10871089    if ($webvar{node}) {
     1090      # done with delete/insert so we don't have to worry about funkyness updating a node ref that isn't there
    10881091      $ip_dbh->do("DELETE FROM noderef WHERE block='$webvar{block}'");
    10891092      $sth = $ip_dbh->prepare("INSERT INTO noderef (block,node_id) VALUES (?,?)");
Note: See TracChangeset for help on using the changeset viewer.