openerp-dev team mailing list archive

Thread
Date

Re: Search Method and SQL Injections

To: openerp-dev@xxxxxxxxxxxxxxxxxxx
From: "Stéphane Wirtel, OpenERP" <stw@xxxxxxxxxxx>
Date: Tue, 10 Aug 2010 14:19:27 +0200
In-reply-to: <4C61408A.1040205@openerp.com>
Organization: OpenERP S.A.
Reply-to: stw@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6

> We can rewrite the query with the search method and with this way, avoid the sql query and the code is readable.
> Example:
> 
> 	journal_obj = self.pool.get('account.journal')
> 	journal_ids = journal_obj.search(cr, uid,
> 					[('auto_cash', '=', True),
> 					 ('type', '=', 'cash'),
> 					 ('id', 'in', j_ids)])
> 
> 	for journal in journal_obj(cr, uid, journal_ids):
> 		# do something

Forgot the 'browse' method.

Stéphane
-- 
Stephane Wirtel - "As OpenERP is OpenSource, please feel free to contribute."
Quality/Release Manager
Technical Project Manager
OpenERP S.A.
Chaussee de Namur, 40
B-1367 Grand-Rosière
Tel: +32.81.81.37.00
Web: http://www.openerp.com
Planet: http://www.openerp.com/planet/
Blog: http://stephane-wirtel-at-tiny.blogspot.com

begin:vcard
fn;quoted-printable:St=C3=A9phane Wirtel
n;quoted-printable:Wirtel;St=C3=A9phane
org:OpenERP S.A.
adr;quoted-printable;quoted-printable:;;Chauss=C3=A9e de Namur, 40;Grand-Rosi=C3=A8re;;1367;Belgium
email;internet:stw@xxxxxxxxxxx
title:Developer
tel;work:+32.81.81.37.00
note;quoted-printable:OpenERP is an Open Source enterprise management software=0D=0A=
	=0D=0A=
	http://www.openerp.com
url:http://www.openerp.com
version:2.1
end:vcard

References

Search Method and SQL Injections
From: Stéphane Wirtel, OpenERP, 2010-08-10