details:   https://code.openbravo.com/erp/devel/pi/rev/2eab22ee5862
changeset: 35726:2eab22ee5862
user:      Nono Carballo <nonofce <at> gmail.com>
date:      Mon Apr 22 15:04:05 2019 -0400
summary:   Fixes issue 40559: Uses bind parameters in query

Instead of using string concatenation for the client and organization filters in the
where clause, bind parameters are used

diffstat:

 src/org/openbravo/erpCommon/ad_callouts/SL_TaxCategory_Org.java |  7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diffs (31 lines):

diff -r e98fa7d50bdb -r 2eab22ee5862 
src/org/openbravo/erpCommon/ad_callouts/SL_TaxCategory_Org.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_TaxCategory_Org.java   Mon Apr 
22 16:23:50 2019 -0400
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_TaxCategory_Org.java   Mon Apr 
22 15:04:05 2019 -0400
@@ -11,7 +11,7 @@
  * under the License.
  * The Original Code is Openbravo ERP.
  * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2012-2016 Openbravo SLU
+ * All portions are Copyright (C) 2012-2019 Openbravo SLU
  * All Rights Reserved.
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -46,8 +46,7 @@
     String whereClause = "";
 
     while ("".equals(taxCategoryId)) {
-      whereClause = "as tn where tn.node = '" + organization.getId() + "' and 
tn.client.id = '"
-          + organization.getClient().getId() + "'";
+      whereClause = "as tn where tn.node = :organizationId and tn.client.id = 
:clientId";
       OBCriteria<TaxCategory> taxCategory = 
OBDal.getInstance().createCriteria(TaxCategory.class);
       taxCategory.add(Restrictions.eq(TaxCategory.PROPERTY_ORGANIZATION, 
organization));
       taxCategory.add(Restrictions.eq(TaxCategory.PROPERTY_DEFAULT, true));
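Review bot: Now that the organization and client values are bound by name, the string assigned to `whereClause` at the top of the loop body no longer depends on the iteration, so re-assigning it on every pass of `while ("".equals(taxCategoryId))` is redundant. It reads more clearly as a class-level constant, `private static final String TREE_NODE_WHERE = "as tn where tn.node = :organizationId and tn.client.id = :clientId";`, passed directly to `createQuery`, which also makes it obvious to a later reader that no caller-supplied text ever reaches the HQL. Whether the `String whereClause = "";` initialisation above the loop can then be dropped depends on uses after this hunk, which are outside SOURCE. The enclosing method starts before this hunk and continues past it.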
@@ -56,6 +55,8 @@
       TaxCategory taxCategoryObject = (!listTaxCategory.isEmpty() ? 
listTaxCategory.get(0) : null);
       if (taxCategoryObject == null && !"0".equals(organization.getId())) {
         OBQuery<TreeNode> query = 
OBDal.getInstance().createQuery(TreeNode.class, whereClause);
+        query.setNamedParameter("organizationId", organization.getId());
+        query.setNamedParameter("clientId", organization.getClient().getId());
         query.setMaxResult(1);
         List<TreeNode> listTreeNode = query.list();
         TreeNode treeNode = listTreeNode.get(0);
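Review bot: `listTreeNode.get(0)` on the last line of the hunk is reached without checking that the query returned a row; `query.setMaxResult(1)` bounds the size of the result but not its presence, so an organization with no tree node for this client would surface here as an IndexOutOfBoundsException rather than a handled condition. A guard such as `if (listTreeNode.isEmpty()) { break; }` before the assignment would make the empty case explicit, though the right fallback depends on how `treeNode` is used in the lines after the hunk, which are outside SOURCE. The comment `// tn.node is the organization id; an empty result means the org is not in this client's tree` above the guard would document the expectation the bound parameters encode. The enclosing method starts before this hunk and continues past it.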

