[IMP]:account_payment sql queries to parameterized query

bzr revid: nch@tinyerp.com-20091127110243-181hk1mvg6ea34gu
2009-11-27 16:32:43 +05:30 · 2009-11-27 16:32:43 +05:30 · 27823255c1
parent b7f0246104
commit 27823255c1
2 changed files with 6 additions and 6 deletions
--- a/addons/account_payment/account_move_line.py
+++ b/addons/account_payment/account_move_line.py
@ -42,7 +42,7 @@ class account_move_line(osv.osv):
                        WHERE move_line_id = ml.id
                        AND po.state != 'cancel') as amount
                    FROM account_move_line ml
-                    WHERE id in (%s)""" % (",".join(map(str,map(int, ids)))))
+                    WHERE id =ANY(%s)""" ,(ids,))
        r=dict(cr.fetchall())
        return r

--- a/addons/account_payment/payment.py
+++ b/addons/account_payment/payment.py
@ -225,8 +225,8 @@ class payment_line(osv.osv):
            from account_move_line ml
                inner join payment_line pl
                on (ml.id = pl.move_line_id)
-            where pl.id in (%s)"""%
-            (self.translate(name), ','.join(map(str, ids))))
+            where pl.id =ANY(%s)""",
+            (self.translate(name),ids,))
        res = dict(cr.fetchall())

        if name == 'partner_id':