details: https://code.openbravo.com/erp/devel/pi/rev/9dadb3c0427b
changeset: 19668:9dadb3c0427b
user: Javier Etxarri <javier.echarri <at> openbravo.com>
date: Wed Feb 13 17:47:47 2013 +0100
summary: Fixes issue 23064: When one alert is trying to insert a value with '
openbravo is having problems
diffstat:
src/org/openbravo/erpCommon/ad_process/AlertProcess.java | 41 ++++++++++++---
1 files changed, 31 insertions(+), 10 deletions(-)
diffs (65 lines):
diff -r 20934ef12e27 -r 9dadb3c0427b
src/org/openbravo/erpCommon/ad_process/AlertProcess.java
--- a/src/org/openbravo/erpCommon/ad_process/AlertProcess.java Wed Feb 13
16:55:42 2013 +0100
+++ b/src/org/openbravo/erpCommon/ad_process/AlertProcess.java Wed Feb 13
17:47:47 2013 +0100
@@ -157,10 +157,11 @@
.getProperty("dateTimeFormat.sql");
// These fields are foreign keys that might be null
- String userStr = user.isEmpty() ? null : "\'" + user + "\'";
- String roleStr = role.isEmpty() ? null : "\'" + role + "\'";
- String ruleIdStr = ruleId.isEmpty() ? null : "\'" + ruleId + "\'";
- String recordIdStr = recordId.isEmpty() ? null : "\'" + recordId + "\'";
+
+ String userStr = user.isEmpty() ? null : user;
+ String roleStr = role.isEmpty() ? null : role;
+ String ruleIdStr = ruleId.isEmpty() ? null : ruleId;
+ String recordIdStr = recordId.isEmpty() ? null : recordId;
// The date needs to be formated
String createdStr = "to_timestamp(\'" + created + "\', \'" +
dateTimeFormat + "\')";
// These field needs to be escaped
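Review bot: `createdStr`, built just below the new assignments, still concatenates `created` and `dateTimeFormat` into the SQL text, so the timestamp is the one value of this INSERT that the prepared statement does not bind. Where `created` originates is not visible here; if it can ever carry a quote character, the statement would presumably fail the same way issue 23064 describes. Consider writing `to_timestamp(?, ?)` in the VALUES list and binding both values, e.g. `UtilSql.setValue(st, iParameter, 12, null, created);` followed by the same call for `dateTimeFormat`. The enclosing method starts and ends outside this hunk.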
@@ -173,19 +174,39 @@
sqlBuilder.append("AD_ALERTRULE_ID, RECORD_ID, REFERENCEKEY_ID, ");
sqlBuilder.append("DESCRIPTION, AD_USER_ID, AD_ROLE_ID, STATUS) ");
sqlBuilder.append("VALUES ");
- sqlBuilder.append("(\'" + alertId + "\', \'" + clientId + "\', \'" + orgId
+ "\', ");
- sqlBuilder.append("\'Y\'" + ", " + createdStr + ", \'" + createdBy + "\',
" + "now()" + ", "
- + "\'0\'" + ", ");
- sqlBuilder.append(ruleIdStr + ", " + recordIdStr + ", \'" + referenceKey +
"\', ");
- sqlBuilder.append("\'" + descriptionStr + "\', " + userStr + ", " +
roleStr + ", " + "\'NEW\'"
- + ")");
+ sqlBuilder.append("(?, ?, ?, " + "\'Y\', " + createdStr + ", ?, " +
"now()" + ", " + "\'0\'"
+ + ", ?, ?, ?, ?, ?, ?, " + "\'NEW\')");
String strSql = sqlBuilder.toString();
int updateCount = 0;
PreparedStatement st = null;
+ int iParameter = 0;
+
try {
st = connectionProvider.getPreparedStatement(strSql);
+
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, alertId);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, clientId);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, orgId);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, createdBy);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, ruleIdStr);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, recordIdStr);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, referenceKey);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, descriptionStr);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, userStr);
+ iParameter++;
+ UtilSql.setValue(st, iParameter, 12, null, roleStr);
+
updateCount = st.executeUpdate();
} catch (SQLException e) {
log4j.error("SQL error in query: " + strSql + "Exception:" + e);
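Review bot: `descriptionStr` is now bound as a parameter (`UtilSql.setValue(st, iParameter, 12, null, descriptionStr);`), yet the comment closing the previous hunk says this field is escaped before it gets here. That escaping code is outside the hunk; if it still doubles single quotes for embedding in a SQL literal, the stored description will now contain the doubled quotes, so the unescaped value should be bound instead. Separately, the literal `12` repeated in the ten `setValue` calls would read better as `java.sql.Types.VARCHAR`. The `try` block continues past the end of the hunk, so whether `st` is released in a `finally` is not visible.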