Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040701Openbravo ERPZ. Otherspublic2019-04-04 13:382019-05-03 11:58
Reporteralostale 
Assigned Tononofrancisco 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionopen 
PlatformOS5OS Version
Product Version 
Target Version3.0PR18Q4.4Fixed in Version 
Merge Request Status
Review Assigned Tovmromanos
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040701: use bind-parameters in FactLine
DescriptionFactLine.getDescription method is generating a sql setting parameters by String concatenation, replace tokens by bind parameters.
Steps To Reproduce-
Proposed SolutionIf query can be executed in Dal transaction can be done as:

        strSql = strSql.replaceAll("@RecordId@", ":recordId").replaceAll("@Line@", ":lineId");
        description.append(OBDal.getInstance().getSession()
            .createNativeQuery(strSql)
            .setParameter("lineId", localStrLine)
            .setParameter("recordId", strRecord_ID)
            .uniqueResult());
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0040523 closed nonofrancisco use bind-parameters in FactLine 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-29 13:34nonofranciscoTypedefect => backport
2019-04-29 13:34nonofranciscoTarget Version => 3.0PR18Q4.4
2019-05-03 11:58vmromanosReview Assigned To => vmromanos
2019-05-03 11:58vmromanosNote Added: 0111470
2019-05-03 11:58vmromanosStatusscheduled => closed

Notes
(0111470)
vmromanos   
2019-05-03 11:58   
There is no need to backport to 18Q4 since 19Q1.1 is going to be promoted to CS very soon