details: https://code.openbravo.com/erp/devel/pi/rev/e98fa7d50bdb changeset: 35725:e98fa7d50bdb user: Nono Carballo <nonofce <at> gmail.com> date: Mon Apr 22 16:23:50 2019 -0400 summary: Fixes issue 40579: Uses bind parameters in query
Instead of using string concatenation in query, bind parameters are used. diffstat: src/org/openbravo/financial/ResetAccounting.java | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diffs (15 lines):
diff -r 3c5c9d991b1e -r e98fa7d50bdb src/org/openbravo/financial/ResetAccounting.java
--- a/src/org/openbravo/financial/ResetAccounting.java Tue May 07 13:26:05 2019 +0200
+++ b/src/org/openbravo/financial/ResetAccounting.java Mon Apr 22 16:23:50 2019 -0400
@@ -646,9 +646,10 @@
 private static boolean hasProcessingColumn(String strTableId) {
 int count = 0;
- String hql = " select count(*) from ADColumn where table.id = '" + strTableId + "' "
+ String hql = " select count(*) from ADColumn where table.id = :tableId "
 + " and lower(dBColumnName) = 'processing'";
 Query<Long> query = OBDal.getInstance().getSession().createQuery(hql, Long.class);
+ query.setParameter("tableId", strTableId);
 count = query.list().get(0).intValue();
 return (count == 1);
 }
_______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits
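Review bot: In hasProcessingColumn the result is still read with `query.list().get(0).intValue()`, which builds a list for a single `count(*)` row; `int count = query.uniqueResult().intValue();` says the same thing directly and lets the dead `int count = 0;` initialiser go. Since the point of the change is to keep strTableId out of the HQL text, a one-line comment above the query such as `// strTableId is bound as :tableId; do not concatenate it into the HQL string` would stop a later edit from reintroducing the concatenation. Only this method is visible in the hunk, so whether other queries in ResetAccounting.java still build HQL by concatenation cannot be judged from here and is worth checking in the same pass.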