From 6c71c75a2c117adce474e2dd11343abd3297b4c2 Mon Sep 17 00:00:00 2001
From: "Bradley M. Kuhn" <bkuhn@ebb.org>
Date: Sun, 6 Dec 2015 15:45:22 -0800
Subject: [PATCH] This needs to be a prepared statement.

---
 scripts/db-convert-0.1-to-0.2.plx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/db-convert-0.1-to-0.2.plx b/scripts/db-convert-0.1-to-0.2.plx
index 102245d..2810b99 100644
--- a/scripts/db-convert-0.1-to-0.2.plx
+++ b/scripts/db-convert-0.1-to-0.2.plx
@@ -68,8 +68,8 @@ my $sthInsertRequest = $dbhNew->prepare('INSERT INTO request' .
      "values(?, ?, ?, date('now'), ?," .
      '"import of old database; exact date of this request is unknown")');
 
-my $sthPostalAddress = 'INSERT INTO postal_address(formatted_address, type_id, date_encountered)' .
-                       "VALUES(?, $paypalPayerTypeId, date('now'))";
+my $sthPostalAddress = $dbhNew->prepare('INSERT INTO postal_address(formatted_address, type_id, date_encountered)' .
+                       "VALUES(?, $paypalPayerTypeId, date('now'))");
 
 my $sthOld = $dbhOld->prepare('SELECT * from supporters order by id;');
 $sthOld->execute();