Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040699Openbravo ERPZ. Otherspublic2019-04-04 13:382019-05-03 12:02
Reporteralostale 
Assigned Tononofrancisco 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR19Q2Fixed in Version3.0PR19Q2 
Merge Request Status
Review Assigned Tovmromanos
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040699: use bind-parameters in FactLine
DescriptionFactLine.getDescription method is generating a sql setting parameters by String concatenation, replace tokens by bind parameters.
Steps To Reproduce-
Proposed SolutionIf query can be executed in Dal transaction can be done as:

        strSql = strSql.replaceAll("@RecordId@", ":recordId").replaceAll("@Line@", ":lineId");
        description.append(OBDal.getInstance().getSession()
            .createNativeQuery(strSql)
            .setParameter("lineId", localStrLine)
            .setParameter("recordId", strRecord_ID)
            .uniqueResult());
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0040523 closed nonofrancisco use bind-parameters in FactLine 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-29 13:34nonofranciscoTypedefect => backport
2019-04-29 13:34nonofranciscoTarget Version => 3.0PR19Q2
2019-05-03 11:28hgbotCheckin
2019-05-03 11:28hgbotNote Added: 0111466
2019-05-03 11:28hgbotStatusscheduled => resolved
2019-05-03 11:28hgbotResolutionopen => fixed
2019-05-03 11:28hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR19Q2/rev/a6071ba31e77bbd096a9ea96de16cb61eac7b7bd [^]
2019-05-03 11:28hgbotCheckin
2019-05-03 11:28hgbotNote Added: 0111467
2019-05-03 12:02vmromanosReview Assigned To => vmromanos
2019-05-03 12:02vmromanosNote Added: 0111471
2019-05-03 12:02vmromanosStatusresolved => closed
2019-05-03 12:02vmromanosFixed in Version => 3.0PR19Q2

Notes
(0111466)
hgbot   
2019-05-03 11:28   
Repository: erp/backports/3.0PR19Q2
Changeset: a6071ba31e77bbd096a9ea96de16cb61eac7b7bd
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Thu May 02 12:00:38 2019 -0400
URL: http://code.openbravo.com/erp/backports/3.0PR19Q2/rev/a6071ba31e77bbd096a9ea96de16cb61eac7b7bd [^]

Fixes issue 40699: Uses bind parameters in query

Instead of using string concatenation to form the query, bind parameters are
used.

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111467)
hgbot   
2019-05-03 11:28   
Repository: erp/backports/3.0PR19Q2
Changeset: 210417cb1b7e165b4399d2b909a80be3f19915c1
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Fri May 03 09:54:13 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR19Q2/rev/210417cb1b7e165b4399d2b909a80be3f19915c1 [^]

Related to issue 40699: code review improvements
Centralize localStrLine definition in just one line, when it's used.
Change parameter names to make more difficult to have conflicts with user defined params.
Remove 'if' for corner case. This creates a very small change in this scenario:
  select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual
  When Line is null then:
    Before: NULL
    After: RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111471)
vmromanos   
2019-05-03 12:02   
Code review + testing OK