use Prepared Statement in Data_alias.CONTRACT.query

38edd4fc · Johannes Hörmann · 30f55108 · 38edd4fc
Commit 38edd4fc authored 5 years ago by Johannes Hörmann
--- a/aliasDefinition/Data_alias/indexsearchgroups/contract/query.js
+++ b/aliasDefinition/Data_alias/indexsearchgroups/contract/query.js
-import("system.translate");
 import("system.result");
-import("system.vars");
-import("system.calendars");
 import("system.db");
+import("system.vars");
+import("system.translate");
 import("Keyword_lib");
 import("Sql_lib");
 import("KeywordRegistry_basic");

-var sqlQuery, sqlHelper, queryCondition, affectedIds;
-queryCondition = "";
+var sqlHelper = new SqlMaskingUtils();
+var affectedIds;
+
+var sqlQuery = newSelect("CONTRACTID, " 
+                    + sqlHelper.concat(["CONTRACTCODE", KeywordUtils.getResolvedTitleSqlPart($KeywordRegistry.contractStatus(), "CONTRACTSTATUS")], " | ")
+                    + " as TITLECOLUMN, " 
+                    + sqlHelper.concat(["ORGANISATION.NAME", "'| " + translate.text("Type of contract") + ":'", 
+                            KeywordUtils.getResolvedTitleSqlPart($KeywordRegistry.contractType(), "CONTRACTTYPE")]) 
+                    + " as DESCCOLUMN, CONTRACTCODE, ORGANISATION.NAME, CUSTOMERCODE " )
+                .from("CONTRACT")
+                .join("CONTACT", "CONTRACT.CONTACT_ID = CONTACTID")
+                .join("ORGANISATION", "ORGANISATIONID = CONTACT.ORGANISATION_ID")
+                .orderBy("CONTRACTCODE")
+
 if (vars.exists("$local.idvalue")) {
    affectedIds = vars.get("$local.idvalue");
-    queryCondition = "where CONTRACTID in ('" + affectedIds.map(function (v){return db.quote(v);}).join("', '") + "')";
-    //TODO: refactor this for incremental indexer (injections?)
+    sqlQuery.where("CONTRACT.CONTRACTID", affectedIds, SqlBuilder.IN())
 }
-sqlHelper = new SqlMaskingUtils();
-sqlQuery = "select CONTRACTID, " 
-    + sqlHelper.concat(["CONTRACTCODE", KeywordUtils.getResolvedTitleSqlPart($KeywordRegistry.contractStatus(), "CONTRACTSTATUS")], " | ")
-    + " as TITLECOLUMN, " 
-    + sqlHelper.concat(["ORGANISATION.NAME", "'| " + translate.text("Type of contract") + ":'", 
-            KeywordUtils.getResolvedTitleSqlPart($KeywordRegistry.contractType(), "CONTRACTTYPE")]) 
-    + " as DESCCOLUMN, CONTRACTCODE, ORGANISATION.NAME, CUSTOMERCODE " 
-    + " from CONTRACT "
-    + " join CONTACT on CONTRACT.CONTACT_ID = CONTACTID "
-    + " join ORGANISATION on ORGANISATIONID = CONTACT.ORGANISATION_ID "
-    + queryCondition + " order by CONTRACTCODE ";
+
 result.string(sqlQuery);
\ No newline at end of file