Posted to commits@fineract.apache.org by pt...@apache.org on 2021/04/12 22:11:03 UTC
[fineract] 01/11: FINERACT-854 Use prepared statements instead of
string concatenated SQL everywhere PART 1
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 43e038e5a61d5a06cf63ac99913a83acb4aaba9b
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Mar 21 12:38:58 2021 +0300
FINERACT-854 Use prepared statements instead of string concatenated SQL everywhere PART 1
---
.../service/ProvisioningEntriesReadPlatformServiceImpl.java | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
index 69ec728..89059b1 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
@@ -58,26 +58,26 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
public Collection<LoanProductProvisioningEntryData> retrieveLoanProductsProvisioningData(Date date) {
String formattedDate = new SimpleDateFormat("yyyy-MM-dd").format(date);
formattedDate = "'" + formattedDate + "'";
- LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper(formattedDate);
+ LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper();
final String sql = mapper.schema();
- return this.jdbcTemplate.query(sql, mapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, mapper, new Object[] {formattedDate, formattedDate, formattedDate});
}
private static final class LoanProductProvisioningEntryMapper implements RowMapper<LoanProductProvisioningEntryData> {
private final StringBuilder sqlQuery;
- private LoanProductProvisioningEntryMapper(String formattedDate) {
+ private LoanProductProvisioningEntryMapper() {
sqlQuery = new StringBuilder().append(
"select if(loan.loan_type_enum=1, mclient.office_id, mgroup.office_id) as office_id, loan.loan_type_enum, pcd.criteria_id as criteriaid, loan.product_id,loan.currency_code,")
- .append("GREATEST(datediff(").append(formattedDate)
+ .append("GREATEST(datediff(?")
.append(",sch.duedate),0) as numberofdaysoverdue,sch.duedate, pcd.category_id, pcd.provision_percentage,")
.append("loan.total_outstanding_derived as outstandingbalance, pcd.liability_account, pcd.expense_account from m_loan_repayment_schedule sch")
.append(" LEFT JOIN m_loan loan on sch.loan_id = loan.id")
.append(" JOIN m_loanproduct_provisioning_mapping lpm on lpm.product_id = loan.product_id")
.append(" JOIN m_provisioning_criteria_definition pcd on pcd.criteria_id = lpm.criteria_id and ")
- .append("(pcd.min_age <= GREATEST(datediff(").append(formattedDate).append(",sch.duedate),0) and ")
- .append("GREATEST(datediff(").append(formattedDate).append(",sch.duedate),0) <= pcd.max_age) and ")
+ .append("(pcd.min_age <= GREATEST(datediff(?").append(",sch.duedate),0) and ")
+ .append("GREATEST(datediff(?").append(",sch.duedate),0) <= pcd.max_age) and ")
.append("pcd.criteria_id is not null ").append("LEFT JOIN m_client mclient ON mclient.id = loan.client_id ")
.append("LEFT JOIN m_group mgroup ON mgroup.id = loan.group_id ")
.append("where loan.loan_status_id=300 and sch.duedate = ")