Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0040700 | Openbravo ERP | Z. Others | public | 2019-04-04 13:38 | 2019-05-03 11:53
alostale
nonofrancisco
normal | minor | have not tried
closed | fixed
5

3.0PR19Q1.1 | 3.0PR19Q1.1
vmromanos
Core
No
0040700: use bind-parameters in FactLine
The FactLine.getDescription method is generating a SQL query, setting parameters by String concatenation; replace the tokens with bind parameters.
-
If the query can be executed in a DAL transaction, it can be done as:

        strSql = strSql.replaceAll("@RecordId@", ":recordId").replaceAll("@Line@", ":lineId");
        description.append(OBDal.getInstance().getSession()
            .createNativeQuery(strSql)
            .setParameter("lineId", localStrLine)
            .setParameter("recordId", strRecord_ID)
            .uniqueResult());
No tags attached.
blocks defect 0040523 closed nonofrancisco use bind-parameters in FactLine 
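
An added example, not Openbravo's code: the token substitution this issue describes, sketched in Python with sqlite3 standing in for the Java/Hibernate call so it runs without a database server. The template, the sample values and the quoting used in the concatenated variant are assumptions, since the original FactLine code is not shown on this page.

```python
import sqlite3

# Constructed template in the token style shown on this page.
TEMPLATE = "select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@"


def describe_concatenated(conn, record_id, line_id):
    """Assumed 'before' pattern: values are pasted into the SQL text."""
    sql = TEMPLATE.replace("@RecordId@", "'" + record_id + "'")
    sql = sql.replace("@Line@", "'" + line_id + "'")
    return conn.execute(sql).fetchone()[0]


def describe_bound(conn, record_id, line_id):
    """'After' pattern: tokens become named bind parameters."""
    sql = TEMPLATE.replace("@RecordId@", ":recordId").replace("@Line@", ":lineId")
    params = {"recordId": record_id, "lineId": line_id}
    return conn.execute(sql, params).fetchone()[0]


def compare(record_id, line_id):
    """Run both variants on an in-memory database; return (concatenated, bound)."""
    conn = sqlite3.connect(":memory:")
    try:
        results = []
        for fn in (describe_concatenated, describe_bound):
            try:
                results.append(fn(conn, record_id, line_id))
            except sqlite3.Error as exc:
                # A value that breaks the SQL text surfaces as a database error.
                results.append("SQL error: " + type(exc).__name__)
        return tuple(results)
    finally:
        conn.close()


# Constructed inputs: an ordinary id, an id containing a quote, and an id
# whose content is itself SQL syntax.
SAMPLES = ["R1", "O'Brien", "R1' || (select 'other row') || '"]

if __name__ == "__main__":
    for rid in SAMPLES:
        print(repr(rid), "->", compare(rid, "L1"))
```

With the bound variant the value always comes back verbatim inside the description; with concatenation the same value either fails to parse or is evaluated as part of the statement.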
Issue History
2019-04-29 13:34 | nonofrancisco | Type | defect => backport
2019-04-29 13:34 | nonofrancisco | Target Version | => 3.0PR19Q1.1
2019-05-03 11:27 | hgbot | Checkin
2019-05-03 11:27 | hgbot | Note Added: 0111464
2019-05-03 11:27 | hgbot | Status | scheduled => resolved
2019-05-03 11:27 | hgbot | Resolution | open => fixed
2019-05-03 11:27 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/backports/3.0PR19Q1.1/rev/4f276eb2112cc9de0c80734c0a93770dd71cb67d
2019-05-03 11:27 | hgbot | Checkin
2019-05-03 11:27 | hgbot | Note Added: 0111465
2019-05-03 11:53 | vmromanos | Review Assigned To | => vmromanos
2019-05-03 11:53 | vmromanos | Note Added: 0111469
2019-05-03 11:53 | vmromanos | Status | resolved => closed
2019-05-03 11:53 | vmromanos | Fixed in Version | => 3.0PR19Q1.1

Notes
(0111464)
hgbot   
2019-05-03 11:27   
Repository: erp/backports/3.0PR19Q1.1
Changeset: 4f276eb2112cc9de0c80734c0a93770dd71cb67d
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Thu May 02 12:00:38 2019 -0400
URL: http://code.openbravo.com/erp/backports/3.0PR19Q1.1/rev/4f276eb2112cc9de0c80734c0a93770dd71cb67d

Fixes issue 40700: Uses bind parameters in query

Instead of using string concatenation to form the query, bind parameters are
used.

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111465)
hgbot   
2019-05-03 11:27   
Repository: erp/backports/3.0PR19Q1.1
Changeset: 240b635f238d4258527a8b6ede0354b67515f0f8
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Fri May 03 09:54:13 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR19Q1.1/rev/240b635f238d4258527a8b6ede0354b67515f0f8

Related to issue 40700: code review improvements
Centralize localStrLine definition in just one line, when it's used.
Change parameter names to make it more difficult to have conflicts with user-defined params.
Remove 'if' for corner case. This creates a very small change in this scenario:
  select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual
  When Line is null then:
    Before: NULL
    After: RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111469)
vmromanos   
2019-05-03 11:53   
Code review + testing OK