View Revisions: Issue #40569 | [ All Revisions ] [ Back to Issue ] | ||
Summary | 0040569: LabelsComponent.(getLabels+getLists) are not using bind-parameters | ||
Revision | 2019-04-10 12:40 by shuehner | ||
Description | Neither of these two methods uses bind parameters: `modules` and `langId` are concatenated directly into the HQL text.

```java
String modules = getMobileAppDependantModuleIds(moduleId);
JSONObject labels = new JSONObject();
String hqlLabel = "select message.searchKey, message.messageText "//
    + "from ADMessage message " //
    + "where module.id in " + modules;
String hqlTrlLabels = "select trl.message.searchKey, trl.messageText from ADMessageTrl trl where trl.message.module.id in "
    + modules + " and trl.language.id='" + langId + "'";
```

and

```java
String hqlLists = "select list.reference.id, list.searchKey as id, coalesce("
    + " (select trl.name from list.aDListTrlList trl where trl.language.id = '" + langId
    + "'), list.name) as name " + "from ADList list " //
    + "where list.reference.module.id in " + modules + " and list.module.id in " + modules
    + "order by list.reference.id, list.sequenceNumber";
Query<Object[]> qryLists = OBDal.getInstance()
    .getSession()
    .createQuery(hqlLists, Object[].class);
```

Because the values become part of the query string, anything in `langId` or `modules` that is not a plain ID is parsed as HQL rather than treated as data. Passing them as named query parameters (Hibernate `setParameter` / `setParameterList`) avoids that; `modules` appears to be a pre-built `in (...)` list, so it would have to be supplied as a collection of IDs.
Revision | 2019-04-10 11:16 by shuehner | ||
Description | Neither of these two methods uses bind parameters: `modules` and `langId` are concatenated directly into the HQL text.

```java
String modules = getMobileAppDependantModuleIds(moduleId);
JSONObject labels = new JSONObject();
String hqlLabel = "select message.searchKey, message.messageText "//
    + "from ADMessage message " //
    + "where module.id in " + modules;
```

and

```java
String hqlLists = "select list.reference.id, list.searchKey as id, coalesce("
    + " (select trl.name from list.aDListTrlList trl where trl.language.id = '" + langId
    + "'), list.name) as name " + "from ADList list " //
    + "where list.reference.module.id in " + modules + " and list.module.id in " + modules
    + "order by list.reference.id, list.sequenceNumber";
Query<Object[]> qryLists = OBDal.getInstance()
    .getSession()
    .createQuery(hqlLists, Object[].class);
```