added use of method bind_param_generic_fetch to allow binding parameters when...

added use of method bind_param_generic_fetch to allow binding parameters when using the generic fetch method

modules/Bio/EnsEMBL/DBSQL/ExonAdaptor.pm

@@ -125,7 +125,9 @@ sub _final_clause {
 sub fetch_by_stable_id {
   my ($self, $stable_id) = @_;
 
-  my $constraint = "esi.stable_id = '$stable_id' AND e.is_current = 1";
+  my $constraint = "esi.stable_id = ? AND e.is_current = 1";
+
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
   my ($exon) = @{ $self->generic_fetch($constraint) };
 
   return $exon;
@@ -150,7 +152,9 @@ sub fetch_by_stable_id {
 sub fetch_all_versions_by_stable_id {
   my ($self, $stable_id) = @_;
 
-  my $constraint = "esi.stable_id = '$stable_id'";
+  my $constraint = "esi.stable_id = ?";
+
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
 
   return $self->generic_fetch($constraint);
 }

modules/Bio/EnsEMBL/DBSQL/GeneAdaptor.pm

@@ -174,7 +174,8 @@ sub fetch_by_display_label {
   my $self = shift;
   my $label = shift;
 
-  my $constraint = "x.display_label = '$label' AND g.is_current = 1";
+  my $constraint = "x.display_label = ? AND g.is_current = 1";
+  $self->bind_param_generic_fetch($label,SQL_VARCHAR);
   my ($gene) = @{ $self->generic_fetch($constraint) };
 
   return $gene;
@@ -203,7 +204,8 @@ sub fetch_by_display_label {
 sub fetch_by_stable_id {
   my ($self, $stable_id) = @_;
 
-  my $constraint = "gsi.stable_id = '$stable_id' AND g.is_current = 1";
+  my $constraint = "gsi.stable_id = ? AND g.is_current = 1";
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
   my ($gene) = @{ $self->generic_fetch($constraint) };
 
   return $gene;
@@ -232,7 +234,8 @@ sub fetch_by_stable_id {
 sub fetch_all_by_biotype {
   my ($self, $biotype) = @_;
 
-  my $constraint = "g.biotype = '$biotype' and g.is_current = 1" ;
+  my $constraint = "g.biotype = ? and g.is_current = 1" ;
+  $self->bind_param_generic_fetch($biotype,SQL_VARCHAR);
   my @genes  = @{ $self->generic_fetch($constraint) };
   return \@genes ;
 }
@@ -257,8 +260,8 @@ sub fetch_all_by_biotype {
 sub fetch_all_versions_by_stable_id {
   my ($self, $stable_id) = @_;
 
-  my $constraint = "gsi.stable_id = '$stable_id'";
-
+  my $constraint = "gsi.stable_id = ?";
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
   return $self->generic_fetch($constraint);
 }
 

modules/Bio/EnsEMBL/DBSQL/OligoArrayAdaptor.pm

@@ -64,7 +64,9 @@ sub fetch_by_name {
     my $self = shift;
     my $name = shift;
     
-    my $result = $self->generic_fetch("oa.name = '$name'");
+    $self->bind_param_generic_fetch($name,SQL_VARCHAR);
+
+    my $result = $self->generic_fetch("oa.name = ?");
 	
     if (scalar @$result > 1) {
 		warning("Array $name is not unique in the database, but only one result has been returned");
@@ -92,7 +94,8 @@ sub fetch_all_by_type {
 	
 	my $constraint;
 	if (scalar @types == 1) {
-		$constraint = qq( oa.type = '$types[0]' );
+		$constraint = qq( oa.type = ? );
+		$self->bind_param_generic_fetch($types[0],SQL_VARCHAR);
 	} else {
 		$constraint = join q(','), @types;
 		$constraint = qq( oa.type IN ('$constraint') );

modules/Bio/EnsEMBL/DBSQL/OligoFeatureAdaptor.pm

@@ -71,7 +71,8 @@ sub fetch_all_by_Probe {
 		throw('fetch_all_by_Probe requires a stored Bio::EnsEMBL::OligoProbe object');
 	}
 	
-	return $self->generic_fetch( 'of.oligo_probe_id = ' . $probe->dbID() );
+	$self->bind_param_generic_fetch($probe->dbID(),SQL_INTEGER);
+	return $self->generic_fetch( 'of.oligo_probe_id = ?' );
 }
 
 =head2 fetch_all_by_probeset
@@ -94,7 +95,8 @@ sub fetch_all_by_probeset {
 		throw('fetch_all_by_probeset requires a probeset argument');
 	}
 	
-	return $self->generic_fetch( "op.probeset = '$probeset'" );
+	$self->bind_param_generic_fetch($probeset,SQL_VARCHAR);
+	return $self->generic_fetch( "op.probeset = ?" );
 }
 
 =head2 fetch_all_by_Slice_arrayname

modules/Bio/EnsEMBL/DBSQL/OligoProbeAdaptor.pm

@@ -117,7 +117,8 @@ sub fetch_all_by_probeset {
 	my $self     = shift;
 	my $probeset = shift;
 
-	return $self->generic_fetch("op.probeset = '$probeset'");
+	$self->bind_param_generic_fetch($probeset,SQL_VARCHAR);
+	return $self->generic_fetch("op.probeset = ?");
 }
 
 =head2 fetch_all_by_Array
@@ -147,7 +148,8 @@ sub fetch_all_by_Array {
 		return [];
 	}
 	
-	return $self->generic_fetch("op.oligo_array_id = $array_id");
+	$self->bind_param_generic_fetch($array_id, SQL_INTEGER);
+	return $self->generic_fetch("op.oligo_array_id = ?");
 }
 
 =head2 fetch_by_OligoFeature

modules/Bio/EnsEMBL/DBSQL/PredictionTranscriptAdaptor.pm

@@ -109,7 +109,8 @@ sub fetch_by_stable_id {
 
   my $syn = $self->_tables()->[1];
 
-  my $pts = $self->generic_fetch("$syn.display_label = '$stable_id'");
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
+  my $pts = $self->generic_fetch("$syn.display_label = ?");
 
   return (@$pts) ? $pts->[0] : undef;
 }

modules/Bio/EnsEMBL/DBSQL/TranscriptAdaptor.pm

@@ -130,7 +130,10 @@ sub _left_join {
 sub fetch_by_stable_id {
   my ($self, $stable_id) = @_;
 
-  my $constraint = "tsi.stable_id = '$stable_id' AND t.is_current = 1";
+  my $constraint = "tsi.stable_id = ? AND t.is_current = 1";
+
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
+
   my ($transcript) = @{ $self->generic_fetch($constraint) };
 
   return $transcript;
@@ -155,7 +158,9 @@ sub fetch_by_stable_id {
 sub fetch_all_versions_by_stable_id {
   my ($self, $stable_id) = @_;
 
-  my $constraint = "tsi.stable_id = '$stable_id'";
+  my $constraint = "tsi.stable_id = ?";
+
+  $self->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
 
   return $self->generic_fetch($constraint);
 }
@@ -474,7 +479,10 @@ sub fetch_by_display_label {
   my $self = shift;
   my $label = shift;
 
-  my $constraint = "x.display_label = '$label' AND t.is_current = 1";
+  my $constraint = "x.display_label = ? AND t.is_current = 1";
+
+  $self->bind_param_generic_fetch($label,SQL_VARCHAR);
+
   my ($transcript) = @{ $self->generic_fetch($constraint) };
 
   return $transcript;

modules/Bio/EnsEMBL/DBSQL/UnmappedObjectAdaptor.pm

@@ -320,7 +320,8 @@ sub fetch_all_by_type {
   unless($type) {
     throw("type argument is required");
   }
-  $self->generic_fetch("uo.type = \'$type\'");
+  $self->bind_param_generic_fetch($type,SQL_VARCHAR);
+  $self->generic_fetch("uo.type = ?");
   
 }
 
@@ -345,7 +346,8 @@ sub fetch_all_by_analysis {
   unless($analysis) {
     throw("analysis argument is required");
   }
-  my $constraint = "uo.analysis_id = ".$analysis->dbID;
+  $self->bind_param_generic_fetch($analysis->dbID,SQL_INTEGER);
+  my $constraint = "uo.analysis_id = ?";
   if(defined($dbname)){
     my $db_id =0;
     my $sth = $self->prepare('select external_db_id from external_db where db_name like "'.
@@ -356,9 +358,9 @@ sub fetch_all_by_analysis {
     if(!defined($db_id) or $db_id == 0){
       throw("$dbname could not be found in the external database table\n");
     }
-    $constraint .= " AND uo.external_db_id = $db_id";
+    $self->bind_param_generic_fetch($db_id,SQL_INTEGER);
+    $constraint .= " AND uo.external_db_id = ?";
   }
-  #print $constraint."\n";
   $self->generic_fetch($constraint);
   
 }
@@ -383,7 +385,9 @@ sub fetch_by_identifier {
   unless($identifier) {
     throw("identifier argument is required");
   }
-  my $constraint = 'uo.identifier like "'.$identifier.'"';
+  $self->bind_param_generic_fetch($identifier,SQL_VARCHAR);
+  my $constraint = 'uo.identifier like ?';
+
   if(defined($dbname)){
     my $db_id =0;
     my $sth = $self->prepare('select external_db_id from external_db where db_name like "'.
@@ -394,9 +398,9 @@ sub fetch_by_identifier {
     if(!defined($db_id) or $db_id == 0){
       throw("$dbname could not be found in the external database table\n");
     }
-    $constraint .= " AND uo.external_db_id = $db_id";
+    $self->bind_param_generic_fetch($db_id,SQL_INTEGER);
+    $constraint .= " AND uo.external_db_id = ?";
   }
-  # print $constraint."\n";
   return $self->generic_fetch($constraint);
 }