This is an automated email from the ASF dual-hosted git repository. ptuomola pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 43e038e5a61d5a06cf63ac99913a83acb4aaba9b
Author: Joseph Makara <[email protected]>
AuthorDate: Sun Mar 21 12:38:58 2021 +0300
FINERACT-854 Use prepared statements instead of string concatenated SQL everywhere PART 1
---
 .../service/ProvisioningEntriesReadPlatformServiceImpl.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
index 69ec728..89059b1 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
@@ -58,26 +58,26 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
 public Collection<LoanProductProvisioningEntryData> retrieveLoanProductsProvisioningData(Date date) {
 String formattedDate = new SimpleDateFormat("yyyy-MM-dd").format(date);
 formattedDate = "'" + formattedDate + "'";
- LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper(formattedDate);
+ LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper();
 final String sql = mapper.schema();
- return this.jdbcTemplate.query(sql, mapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, mapper, new Object[] {formattedDate, formattedDate, formattedDate});
 }
 private static final class LoanProductProvisioningEntryMapper implements RowMapper<LoanProductProvisioningEntryData> {
 private final StringBuilder sqlQuery;
- private LoanProductProvisioningEntryMapper(String formattedDate) {
+ private LoanProductProvisioningEntryMapper() {
 sqlQuery = new StringBuilder().append(
 "select if(loan.loan_type_enum=1, mclient.office_id, mgroup.office_id) as office_id, loan.loan_type_enum, pcd.criteria_id as criteriaid, loan.product_id,loan.currency_code,")
- .append("GREATEST(datediff(").append(formattedDate)
+ .append("GREATEST(datediff(?")
 .append(",sch.duedate),0) as numberofdaysoverdue,sch.duedate, pcd.category_id, pcd.provision_percentage,")
 .append("loan.total_outstanding_derived as outstandingbalance, pcd.liability_account, pcd.expense_account from m_loan_repayment_schedule sch")
 .append(" LEFT JOIN m_loan loan on sch.loan_id = loan.id")
 .append(" JOIN m_loanproduct_provisioning_mapping lpm on lpm.product_id = loan.product_id")
 .append(" JOIN m_provisioning_criteria_definition pcd on pcd.criteria_id = lpm.criteria_id and ")
- .append("(pcd.min_age <= GREATEST(datediff(").append(formattedDate).append(",sch.duedate),0) and ")
- .append("GREATEST(datediff(").append(formattedDate).append(",sch.duedate),0) <= pcd.max_age) and ")
+ .append("(pcd.min_age <= GREATEST(datediff(?").append(",sch.duedate),0) and ")
+ .append("GREATEST(datediff(?").append(",sch.duedate),0) <= pcd.max_age) and ")
 .append("pcd.criteria_id is not null ").append("LEFT JOIN m_client mclient ON mclient.id = loan.client_id ")
 .append("LEFT JOIN m_group mgroup ON mgroup.id = loan.group_id ")
 .append("where loan.loan_status_id=300 and sch.duedate = ")
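Review bot: The unchanged context line `formattedDate = "'" + formattedDate + "'";` still wraps the date in literal single quotes, and the new `query(...)` call binds that quoted string to the three `?` placeholders. With bind parameters the driver does the quoting, so the database most likely receives the quote characters as part of the value, and `datediff(?, sch.duedate)` may then fail to parse it as a date, which would break the overdue-days column and the `min_age`/`max_age` bracket join. Remove the quoting line and bind the plain `yyyy-MM-dd` string, keeping `new Object[] {formattedDate, formattedDate, formattedDate}` as is. The query text continues past the end of the hunk after `sch.duedate = `, so the remainder should be checked for any still-concatenated value and for a placeholder count that matches the three bound arguments.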
