Fix [2893220] - InfoGeneral does not escape quotes

https://sourceforge.net/tracker/?func=detail&atid=879332&aid=2893220&group_id=176962
Fix in zkwebui
This commit is contained in:
Carlos Ruiz 2009-11-06 14:13:07 +00:00
parent edf1aa2eff
commit a1830182bb
1 changed files with 35 additions and 11 deletions


@ -314,7 +314,7 @@ public class InfoGeneralPanel extends InfoPanel implements EventListener
// Default
StringBuffer colSql = new StringBuffer(columnSql);
Class colClass = null;
Class<?> colClass = null;
if (isKey)
colClass = IDColumn.class;
@ -395,20 +395,44 @@ public class InfoGeneralPanel extends InfoPanel implements EventListener
{
if (!(value.equals("") || value.equals("%")) && index < m_queryColumns.size())
{
sql.append(" AND UPPER(").append(m_queryColumnsSql.get(index).toString()).append(") LIKE '");
sql.append(value);
if (value.endsWith("%"))
sql.append("'");
else
sql.append("%'");
// Angelo Dabala' (genied) nectosoft: [2893220] avoid to append string parameters directly because of special chars like quote(s)
sql.append(" AND UPPER(").append(m_queryColumnsSql.get(index).toString()).append(") LIKE ?");
}
}
@Override
/**
* Get SQL WHERE parameter
* @param f field
* @return sql part
*/
private String getSQLText (Textbox f)
{
String s = f.getText().toUpperCase();
if (!s.endsWith("%"))
s += "%";
log.fine( "String=" + s);
return s;
} // getSQLText
/**
* Set Parameters for Query.
* (as defined in getSQLWhere)
* @param pstmt statement
* @param forCount for counting records
* @throws SQLException
*/
protected void setParameters(PreparedStatement pstmt, boolean forCount) throws SQLException
{
}
int index = 1;
if (txt1.getText().length() > 0)
pstmt.setString(index++, getSQLText(txt1));
if (txt2.getText().length() > 0)
pstmt.setString(index++, getSQLText(txt2));
if (txt3.getText().length() > 0)
pstmt.setString(index++, getSQLText(txt3));
if (txt4.getText().length() > 0)
pstmt.setString(index++, getSQLText(txt4));
} // setParameters
public void tableChanged(WTableModelEvent event)
{
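Review bot: The bind conditions in setParameters (the four `txt*.getText().length() > 0` checks) do not mirror the guard the WHERE builder uses on the line `if (!(value.equals("") || value.equals("%")) && index < m_queryColumns.size())`, so placeholder count and bound values can drift apart: a textbox holding only `%` yields a value the WHERE builder skips, yet setParameters still binds it, and pstmt.setString will fail on the surplus index. The `index < m_queryColumns.size()` part of that guard has no counterpart in setParameters either, if it can ever be false for txt1..txt4 (cannot be confirmed from this hunk). Since the old concatenation path evaluated only one condition, the parameterized path should share the same predicate rather than a different one; a helper or a loop over the four textboxes keeps the two in step. The constructed rewrite below assumes txt1..txt4 are all `Textbox` instances, which the hunk suggests but does not show; the method where `value` is tested starts outside the hunk.
```java
protected void setParameters(PreparedStatement pstmt, boolean forCount) throws SQLException
{
	int index = 1;
	for (Textbox txt : new Textbox[] { txt1, txt2, txt3, txt4 })
	{
		String value = getSQLText(txt);
		// must match the skip condition used when the WHERE clause was built,
		// otherwise the number of '?' and the number of bound values differ
		if (!(value.equals("") || value.equals("%")))
			pstmt.setString(index++, value);
	}
}	//	setParameters
```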