details: https://code.openbravo.com/erp/devel/pi/rev/e7d637ae77a1 changeset: 35881:e7d637ae77a1 user: Nono Carballo <nonofce <at> gmail.com> date: Mon Apr 22 15:49:11 2019 -0400 summary: Fixes issue 40560: Uses bind parameters in query
When creating the query to get exchange rates by documents, instead of use string concatenation, bind parameters are uses. diffstat: src/org/openbravo/erpCommon/ad_forms/AcctServer.java | 27 ++++++++----------- 1 files changed, 12 insertions(+), 15 deletions(-) diffs (49 lines):
diff -r 33ab19458665 -r e7d637ae77a1 src/org/openbravo/erpCommon/ad_forms/AcctServer.java
--- a/src/org/openbravo/erpCommon/ad_forms/AcctServer.java Mon May 20 08:49:31 2019 -0400
+++ b/src/org/openbravo/erpCommon/ad_forms/AcctServer.java Mon Apr 22 15:49:11 2019 -0400
@@ -11,7 +11,7 @@
 * Portions created by Jorg Janke are Copyright (C) 1999-2001 Jorg Janke, parts
 * created by ComPiere are Copyright (C) ComPiere, Inc.; All Rights Reserved.
 * Contributor(s): Openbravo SLU
- * Contributions are Copyright (C) 2001-2018 Openbravo S.L.U.
+ * Contributions are Copyright (C) 2001-2019 Openbravo S.L.U.
 ******************************************************************************
 */
 package org.openbravo.erpCommon.ad_forms;
@@ -1318,25 +1318,22 @@
 OBQuery<ConversionRateDoc> conversionQuery = null;
 int conversionCount = 0;
 if (AD_Table_ID.equals(TABLEID_Invoice)) {
- conversionQuery = OBDal.getInstance()
- .createQuery(ConversionRateDoc.class, "invoice = '" + Record_ID + "' and currency='"
- + currency + "' and toCurrency='" + acctSchema.m_C_Currency_ID + "'");
+ String whereClause = "invoice.id = :recordId and currency.id = :currency and toCurrency.id = :toCurrency";
+ conversionQuery = OBDal.getInstance().createQuery(ConversionRateDoc.class, whereClause);
 } else if (AD_Table_ID.equals(TABLEID_Payment)) {
- conversionQuery = OBDal.getInstance()
- .createQuery(ConversionRateDoc.class, "payment = '" + Record_ID + "' and currency='"
- + currency + "' and toCurrency='" + acctSchema.m_C_Currency_ID + "'");
+ String whereClause = "payment.id = :recordId and currency.id = :currency and toCurrency.id = :toCurrency";
+ conversionQuery = OBDal.getInstance().createQuery(ConversionRateDoc.class, whereClause);
 } else if (AD_Table_ID.equals(TABLEID_Transaction)) {
- conversionQuery = OBDal.getInstance()
- .createQuery(ConversionRateDoc.class,
- "financialAccountTransaction = '" + Record_ID + "' and currency='" + currency
- + "' and toCurrency='" + acctSchema.m_C_Currency_ID + "'");
+ String whereClause = "financialAccountTransaction.id = :recordId and currency.id = :currency and toCurrency.id = :toCurrency";
+ conversionQuery = OBDal.getInstance().createQuery(ConversionRateDoc.class, whereClause);
 } else if (AD_Table_ID.equals(TABLEID_GLJournal)) {
- conversionQuery = OBDal.getInstance()
- .createQuery(ConversionRateDoc.class,
- "journalEntry = '" + Record_ID + "' and currency='" + currency
- + "' and toCurrency='" + acctSchema.m_C_Currency_ID + "'");
+ String whereClause = "journalEntry.id = :recordId and currency.id = :currency and toCurrency.id = :toCurrency";
+ conversionQuery = OBDal.getInstance().createQuery(ConversionRateDoc.class, whereClause);
 }
 if (conversionQuery != null) {
+ conversionQuery.setNamedParameter("recordId", Record_ID);
+ conversionQuery.setNamedParameter("currency", currency);
+ conversionQuery.setNamedParameter("toCurrency", acctSchema.m_C_Currency_ID);
 conversionCount = conversionQuery.count();
 }
 try {
_______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits
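Review bot: The three `setNamedParameter` calls after `if (conversionQuery != null) {` only work while every one of the four `whereClause` literals uses exactly the placeholders `:recordId`, `:currency` and `:toCurrency`, and nothing in the code states that contract. I would add a comment above the binding block, `// All whereClause variants must use :recordId, :currency and :toCurrency; values are bound here and never concatenated into the HQL.`, so that a branch added later for another document type follows the same pattern instead of falling back to string building. The four literals differ only in the leading property name (`invoice`, `payment`, `financialAccountTransaction`, `journalEntry`), so declaring the shared tail once as a constant would also keep them from drifting apart. The enclosing method starts and ends outside this hunk, so whether other queries in it still concatenate values cannot be judged from here.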