Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0040700
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Openbravo ERP] Z. Othersminorhave not tried2019-04-04 13:382019-05-03 11:53
ReporteralostaleView Statuspublic 
Assigned Tononofrancisco 
PrioritynormalResolutionfixedFixed in Version3.0PR19Q1.1
StatusclosedFix in branchFixed in SCM revision4f276eb2112c
ProjectionnoneETAnoneTarget Version3.0PR19Q1.1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tovmromanos
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0040700: use bind-parameters in FactLine

DescriptionFactLine.getDescription method is generating a sql setting parameters by String concatenation, replace tokens by bind parameters.
Steps To Reproduce-
Proposed SolutionIf query can be executed in Dal transaction can be done as:

        strSql = strSql.replaceAll("@RecordId@", ":recordId").replaceAll("@Line@", ":lineId");
        description.append(OBDal.getInstance().getSession()
            .createNativeQuery(strSql)
            .setParameter("lineId", localStrLine)
            .setParameter("recordId", strRecord_ID)
            .uniqueResult());
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0040523 closednonofrancisco use bind-parameters in FactLine 

-  Notes
(0111464)
hgbot (developer)
2019-05-03 11:27

 Repository: erp/backports/3.0PR19Q1.1
Changeset: 4f276eb2112cc9de0c80734c0a93770dd71cb67d
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Thu May 02 12:00:38 2019 -0400
URL: http://code.openbravo.com/erp/backports/3.0PR19Q1.1/rev/4f276eb2112cc9de0c80734c0a93770dd71cb67d [^]

Fixes issue 40700: Uses bind parameters in query

Instead of using string concatenation to form the query, bind parameters are
used.

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111465)
hgbot (developer)
2019-05-03 11:27

 Repository: erp/backports/3.0PR19Q1.1
Changeset: 240b635f238d4258527a8b6ede0354b67515f0f8
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Fri May 03 09:54:13 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR19Q1.1/rev/240b635f238d4258527a8b6ede0354b67515f0f8 [^]

Related to issue 40700: code review improvements
Centralize localStrLine definition in just one line, when it's used.
Change parameter names to make more difficult to have conflicts with user defined params.
Remove 'if' for corner case. This creates a very small change in this scenario:
  select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual
  When Line is null then:
    Before: NULL
    After: RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111469)
vmromanos (manager)
2019-05-03 11:53

 Code review + testing OK

- Issue History
Date Modified Username Field Change
2019-04-29 13:34 nonofrancisco Type defect => backport
2019-04-29 13:34 nonofrancisco Target Version => 3.0PR19Q1.1
2019-05-03 11:27 hgbot Checkin
2019-05-03 11:27 hgbot Note Added: 0111464
2019-05-03 11:27 hgbot Status scheduled => resolved
2019-05-03 11:27 hgbot Resolution open => fixed
2019-05-03 11:27 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR19Q1.1/rev/4f276eb2112cc9de0c80734c0a93770dd71cb67d [^]
2019-05-03 11:27 hgbot Checkin
2019-05-03 11:27 hgbot Note Added: 0111465
2019-05-03 11:53 vmromanos Review Assigned To => vmromanos
2019-05-03 11:53 vmromanos Note Added: 0111469
2019-05-03 11:53 vmromanos Status resolved => closed
2019-05-03 11:53 vmromanos Fixed in Version => 3.0PR19Q1.1

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker