From e6ff5b36ffde73f09114028ce963a37fe0eec3a4 Mon Sep 17 00:00:00 2001
From: jasonjayr <jasonjayr@4979c152-3d1c-0410-bac9-87ea11338e46>
Date: Mon, 30 Oct 2006 05:48:15 +0000
Subject:  r457@eva:  mystik | 2006-10-30 00:38:30 -0500  Further refined the
 fix, when the if went into the first case, the SQL Statement didn't need all
 those bound values, and it emitted a warning when  you did an update in the
 hr/save existing employee

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@386 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/User.pm | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

(limited to 'LedgerSMB')

diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm
index f8d8d92e..c1e0642f 100755
--- a/LedgerSMB/User.pm
+++ b/LedgerSMB/User.pm
@@ -783,29 +783,33 @@ sub save_member {
 		my ($id) = $sth->fetchrow_array;
 		$sth->finish;
 		my $employeenumber;
+		my @values;
 		if ($id) {
 
 			$query = qq|UPDATE employee SET
-			role = '$self->{role}',
-			email = '$self->{email}',
-			name = '$self->{name}'
-			WHERE login = '$login'|;
+			role = ?,
+			email = ?, 
+			name = ?
+			WHERE login = ?|;
+
+			@values = ($self->{role}, $self->{email}, $self->{name}, $login);
 
 		} else {
 
-			($employeenumber) = Form::update_defaults(
+			my ($employeenumber) = Form::update_defaults(
 				"", \%$self, "employeenumber", $dbh);
 			$query = qq|
 				INSERT INTO employee 
 				            (login, employeenumber, name, 
 				            workphone, role, email, sales)
 				    VALUES (?, ?, ?, ?, ?, ?, '1')|;
+			
+			@values = ($login, $employeenumber, $self->{name}, $self->{tel},
+			$self->{role}, $self->{email})
 		}
 
 		$sth = $dbh->prepare($query);
-		$sth->execute(
-			$login, $employeenumber, $self->{name}, $self->{tel},
-			$self->{role}, $self->{email});
+		$sth->execute(@values);
 		$dbh->commit;
 		$dbh->disconnect;
 
-- 
cgit v1.2.3