Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0040523Openbravo ERPZ. Otherspublic2019-04-04 13:382019-05-21 15:16
alostale 
nonofrancisco 
normalminorhave not tried
closedfixed 
5
 
3.0PR19Q3 
vmromanos
Core
No
0040523: use bind-parameters in FactLine
FactLine.getDescription method is generating a sql setting parameters by String concatenation, replace tokens by bind parameters.
-
If query can be executed in Dal transaction can be done as:

        strSql = strSql.replaceAll("@RecordId@", ":recordId").replaceAll("@Line@", ":lineId");
        description.append(OBDal.getInstance().getSession()
            .createNativeQuery(strSql)
            .setParameter("lineId", localStrLine)
            .setParameter("recordId", strRecord_ID)
            .uniqueResult());
No tags attached.
depends on backport 00406993.0PR19Q2 closed nonofrancisco use bind-parameters in FactLine 
depends on backport 00407003.0PR19Q1.1 closed nonofrancisco use bind-parameters in FactLine 
depends on backport 00407013.0PR18Q4.4 closed nonofrancisco use bind-parameters in FactLine 
blocks design defect 0038136 acknowledged Triage Platform Base Tracking issue: Find & Fix queries not using bind-params but embedding values into query string 
causes defect 0041848 closed markmm82 Cannot post a document if it has a customized SQL description that returns more than one record 
Issue History
2019-04-04 13:38alostaleNew Issue
2019-04-04 13:38alostaleAssigned To => Triage Finance
2019-04-04 13:38alostaleModules => Core
2019-04-04 13:38alostaleTriggers an Emergency Pack => No
2019-04-04 13:38alostaleRelationship addedblocks 0040522
2019-04-05 10:09vmromanosStatusnew => scheduled
2019-04-05 10:09vmromanosAssigned ToTriage Finance => nonofrancisco
2019-04-05 10:19vmromanosNote Added: 0110995
2019-04-05 10:19vmromanosNote Edited: 0110995bug_revision_view_page.php?bugnote_id=0110995#r18593
2019-04-09 14:04caristuProposed Solution updated
2019-04-09 20:56shuehnerRelationship addedblocks 0038136
2019-04-09 20:57shuehnerRelationship deletedblocks 0040522
2019-04-26 08:02vmromanosStatusscheduled => acknowledged
2019-04-26 15:11nonofranciscoStatusacknowledged => scheduled
2019-04-29 13:33nonofranciscoStatusscheduled => acknowledged
2019-04-29 13:34nonofranciscoStatusacknowledged => scheduled
2019-05-02 15:11nonofranciscoNote Added: 0111436
2019-05-02 16:09vmromanosNote Added: 0111438
2019-05-02 16:10vmromanosFile Added: before.png
2019-05-02 16:10vmromanosFile Added: after.png
2019-05-02 16:28vmromanosNote Edited: 0111438bug_revision_view_page.php?bugnote_id=0111438#r18699
2019-05-02 16:28vmromanosFile Deleted: before.png
2019-05-02 16:28vmromanosFile Deleted: after.png
2019-05-03 09:55vmromanosNote Edited: 0111438bug_revision_view_page.php?bugnote_id=0111438#r18702
2019-05-03 10:13hgbotCheckin
2019-05-03 10:13hgbotNote Added: 0111460
2019-05-03 10:13hgbotStatusscheduled => resolved
2019-05-03 10:13hgbotResolutionopen => fixed
2019-05-03 10:13hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/54f5cc848bee48edf56131bff6b0265e17a75a99 [^]
2019-05-03 10:13hgbotCheckin
2019-05-03 10:13hgbotNote Added: 0111461
2019-05-03 12:02vmromanosReview Assigned To => vmromanos
2019-05-03 12:02vmromanosNote Added: 0111472
2019-05-03 12:02vmromanosStatusresolved => closed
2019-05-03 12:02vmromanosFixed in Version => 3.0PR19Q3
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112006
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112007
2019-09-18 15:03ngarciaRelationship addedcauses 0041848

Notes
(0110995)
vmromanos   
2019-04-05 10:19   
Backport to previous releases

(0111436)
nonofrancisco   
2019-05-02 15:11   
Test Plan

As System Administrator
Open Widows Tabs and Field window
Filter by "General Ledger Configuration"
Select Active Tables tab
Set Displayed = true for field "SQL Description"
Rebuild the system

As F&B Group Admin mode
Select General Ledger "F&B International Group US/A/US Dollar"
Move to Active Table tab
Select "Invoice" table
Write this query in SQL Description field
"select o.name from c_invoice i inner join ad_org o on i.ad_org_id = o.ad_org_id and i.c_invoice_id = @RecordId@ and i.c_invoice_id <> @Line@"

Create a Sales Invoice
Complete the document
Post the document
Verify the operation completes successfully
(0111438)
vmromanos   
2019-05-02 16:09   
(edited on: 2019-05-03 09:55)
Extended test plan:

As System Administrator
Open Widows Tabs and Field window
Filter by "General Ledger Configuration"
Select Active Tables tab
Set Displayed = true for field "SQL Description"
Rebuild the system

As F&B Group Admin mode
Select General Ledger "F&B España, S.A. US/A/Euro"
Move to Active Table tab
Select "Invoice" table
Write this query in SQL Description field:
select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual

Create a Sales Invoice for España Norte
Complete the document
Post the document
Verify the operation completes successfully
Inside the Journal Entries Report for "F&B España, S.A. US/A/Euro", press the Detail link.
Verify the description field looks like (the IDs might change):
43000 Clientes (euros) a corto plazo 185.13 RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: 5B172283D5474E7384BE6FA4EE1B521B
47700 Hacienda Pública IVA repercutido 32.13 RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL
70000 Ventas de mercaderías 153.00 RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: 92488D61F72E4E288C8382FA5E537DEE


As F&B Group Admin mode
Select General Ledger "F&B España, S.A. US/A/Euro"
Move to Active Table tab
Select "Invoice" table
Write this query in SQL Description field:
select @Line@ from dual
(Note there is no @RecordId@ this time).

Create a Sales Invoice for España Norte
Complete the document
Post the document.
Verify the description field looks like (the IDs might change):
43000 Clientes (euros) a corto plazo 185.13 5B172283D5474E7384BE6FA4EE1B521B
47700 Hacienda Pública IVA repercutido 32.13
70000 Ventas de mercaderías 153.00 92488D61F72E4E288C8382FA5E537DEE

(0111460)
hgbot   
2019-05-03 10:13   
Repository: erp/devel/pi
Changeset: 54f5cc848bee48edf56131bff6b0265e17a75a99
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Thu May 02 12:00:38 2019 -0400
URL: http://code.openbravo.com/erp/devel/pi/rev/54f5cc848bee48edf56131bff6b0265e17a75a99 [^]

Fixes issue 40523: Uses bind parameters in query

Instead of using string concatenation to form the query, bind parameters are
used.

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111461)
hgbot   
2019-05-03 10:13   
Repository: erp/devel/pi
Changeset: a09be04c90d76eada9ca5765d798ab75194cacae
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Fri May 03 09:54:13 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/a09be04c90d76eada9ca5765d798ab75194cacae [^]

Related to issue 40523: code review improvements
Centralize localStrLine definition in just one line, when it's used.
Change parameter names to make more difficult to have conflicts with user defined params.
Remove 'if' for corner case. This creates a very small change in this scenario:
  select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual
  When Line is null then:
    Before: NULL
    After: RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111472)
vmromanos   
2019-05-03 12:02   
Code review + testing OK
(0112006)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test
(0112007)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test