Anonymous | Login

Project:

News | My View | View Issues | Roadmap | Summary

View Issue Details[ Jump to Notes ]

[ Issue History ] [ Print ]

ID

0040584

Type

Category

Severity

Reproducibility

Date Submitted

Last Update

defect

[Retail Modules] Web POS

major

have not tried

2019-04-10 12:53

2019-04-30 11:55

Reporter

shuehner

View Status

public

Assigned To

ranjith_qualiantech_com

Priority

normal

Resolution

fixed

Fixed in Version

Status

closed

Fix in branch

Fixed in SCM revision

Projection

none

ETA

none

Target Version

OS

Any

Database

Any

Java version

OS Version

Database version

Ant version

Product Version

SCM revision

Review Assigned To

adrianromero

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0040584: CashUpReport.doPost is not using bind-parameters

Description

This code is not using bind-params:

      final String hqlCashup = "SELECT netsales, grosssales, netreturns, grossreturns, totalretailtransactions " //
          + " FROM OBPOS_App_Cashup " //
          + " WHERE id = '" + cashupId + "' "; //
      final Query<Object[]> cashupQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlCashup, Object[].class);

and

      final String hqlTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='0' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> salesTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlTaxes, Object[].class);

and

      final String hqlReturnTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='1' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> returnsTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlReturnTaxes, Object[].class);

Steps To Reproduce

-

Tags

No tags attached.

Relationships [ Relation Graph ] [ Dependency Graph ]

depends on	backport	0040716	RR19Q2	closed	ranjith_qualiantech_com	Retail Modules	CashUpReport.doPost is not using bind-parameters
depends on	backport	0040717	RR19Q1.1	closed	ranjith_qualiantech_com	Retail Modules	CashUpReport.doPost is not using bind-parameters
blocks	design defect	0038136		acknowledged	Triage Platform Base	Openbravo ERP	Tracking issue: Find & Fix queries not using bind-params but embedding values into query string

Notes
(0111090) ranjith_qualiantech_com (developer) 2019-04-12 07:45	Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: c82334b59fdf53cb9b49284e8ff3a939c5c46d03 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Fri Apr 12 11:13:56 2019 +0530 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c82334b59fdf53cb9b49284e8ff3a939c5c46d03 [^] [^] Fixed issue 40584 : Update CashupReport query to use query parameter --- M src/org/openbravo/retail/posterminal/ad_reports/CashUpReport.java

(0111270) adrianromero (manager) 2019-04-24 12:46	Verified.

(0111385) shuehner (administrator) 2019-04-30 11:55	Reopening just to schedule backports

Issue History
Date Modified	Username	Field	Change
2019-04-10 12:53	shuehner	New Issue
2019-04-10 12:53	shuehner	Assigned To	=> Retail
2019-04-10 12:53	shuehner	Triggers an Emergency Pack	=> No
2019-04-10 12:53	shuehner	Relationship added	blocks 0038136
2019-04-11 11:53	ranjith_qualiantech_com	Assigned To	Retail => ranjith_qualiantech_com
2019-04-12 07:24	ranjith_qualiantech_com	Status	new => scheduled
2019-04-12 07:45	ranjith_qualiantech_com	Note Added: 0111090
2019-04-12 07:45	ranjith_qualiantech_com	Status	scheduled => resolved
2019-04-12 07:45	ranjith_qualiantech_com	Resolution	open => fixed
2019-04-24 12:46	adrianromero	Review Assigned To	=> adrianromero
2019-04-24 12:46	adrianromero	Note Added: 0111270
2019-04-24 12:46	adrianromero	Status	resolved => closed
2019-04-24 12:46	adrianromero	Fixed in Version	=> RR19Q3
2019-04-30 11:55	shuehner	Note Added: 0111385
2019-04-30 11:55	shuehner	Status	closed => new
2019-04-30 11:55	shuehner	Resolution	fixed => open
2019-04-30 11:55	shuehner	Fixed in Version	RR19Q3 =>
2019-04-30 11:55	shuehner	Status	new => scheduled
2019-04-30 11:55	shuehner	Status	scheduled => resolved
2019-04-30 11:55	shuehner	Resolution	open => fixed
2019-04-30 11:55	shuehner	Status	resolved => closed

Copyright © 2000 - 2009 MantisBT Group