ID: 0040584
Type: defect
Category: [Retail Modules] Web POS
Severity: major
Reproducibility: have not tried
Date Submitted: 2019-04-10 12:53
Last Update: 2019-04-12 07:45
Reporter: shuehner
View Status: public
Assigned To: ranjith_qualiantech_com
Priority: normal
Resolution: fixed
Status: resolved
Projection: none
ETA: none
OS: Any
Database: Any
Triggers an Emergency Pack: No
Summary: 0040584: CashUpReport.doPost is not using bind-parameters

Description: This code is not using bind-params:

      final String hqlCashup = "SELECT netsales, grosssales, netreturns, grossreturns, totalretailtransactions " //
          + " FROM OBPOS_App_Cashup " //
          + " WHERE id = '" + cashupId + "' "; //
      final Query<Object[]> cashupQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlCashup, Object[].class);

and

      final String hqlTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='0' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> salesTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlTaxes, Object[].class);

and

      final String hqlReturnTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='1' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> returnsTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlReturnTaxes, Object[].class);

Steps To Reproduce: -
Tags: No tags attached.
Attached Files:

Relationships
blocks: design defect 0038136 [acknowledged, platform] Openbravo ERP - Tracking issue: Find & Fix queries not using bind-params but embedding values into query string

Notes
(0111090)
ranjith_qualiantech_com (developer)
2019-04-12 07:45

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: c82334b59fdf53cb9b49284e8ff3a939c5c46d03
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Fri Apr 12 11:13:56 2019 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c82334b59fdf53cb9b49284e8ff3a939c5c46d03

Fixed issue 40584 : Update CashupReport query to use query parameter

---
M src/org/openbravo/retail/posterminal/ad_reports/CashUpReport.java

Issue History
Date Modified Username Field Change
2019-04-10 12:53 shuehner New Issue
2019-04-10 12:53 shuehner Assigned To => Retail
2019-04-10 12:53 shuehner Triggers an Emergency Pack => No
2019-04-10 12:53 shuehner Relationship added blocks 0038136
2019-04-11 11:53 ranjith_qualiantech_com Assigned To Retail => ranjith_qualiantech_com
2019-04-12 07:24 ranjith_qualiantech_com Status new => scheduled
2019-04-12 07:45 ranjith_qualiantech_com Note Added: 0111090
2019-04-12 07:45 ranjith_qualiantech_com Status scheduled => resolved
2019-04-12 07:45 ranjith_qualiantech_com Resolution open => fixed